authsspi[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

authsspi.dll
Size

52KB
MD5

6ba39387c5455ae9b3d049e88f068127
SHA1

d551da5ebb78d4f8d3519d1dfe14ef3b28049efb
SHA256

5cf2a4bd8bc4fac40ff2d92c3bc104217f24e0aa08e6c4306db2bb9763593047
SHA512

d7b478e534e216d891019038340e05e4282fab8eb731b49e7eb9bb1ea5fbfd41591b4c28a386bf01550ef834b8044184f54b767f6250653303ae376b2fcd9d5a
SSDEEP

768:NcYpW3Va7nO+aMSBStkS4Lk/GkSFqW/exLu46uUuHQ:NvTO+lAM/u8W/eWuw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
authsspi.dll

Files

authsspi.dll
.dll windows:10 windows x64 arch:x64

74c2560479be0fa900458f7e947c19f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authsspi.pdb

Imports

msvcrt

memcpy
memset
strcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
wcschr
_wcsnicmp
strncmp
_stricmp
strchr
_wcsicmp
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

sspicli

QuerySecurityPackageInfoW
QueryContextAttributesA
ImportSecurityContextW
FreeContextBuffer
QueryContextAttributesW
CompleteAuthToken
FreeCredentialsHandle
DeleteSecurityContext
AcceptSecurityContext
GetUserNameExW
AcquireCredentialsHandleW
SeciFreeCallContext
EnumerateSecurityPackagesW
SspiExcludePackage
SspiFreeAuthIdentity
QuerySecurityContextToken
SeciAllocateAndSetIPAddress

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-security-base-l1-2-0

IsWellKnownSid
GetTokenInformation
DuplicateTokenEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

iisutil

?WriteUnlock@CReaderWriterLock3@@QEAAXXZ
?ReadLock@CReaderWriterLock3@@QEAAXXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QEAAXXZ
?ReadUnlock@CReaderWriterLock3@@QEAAXXZ
??0ALLOC_CACHE_HANDLER@@QEAA@PEBDPEBUALLOC_CACHE_CONFIGURATION@@H@Z
?WriteLock@CReaderWriterLock3@@QEAAXXZ
??1ALLOC_CACHE_HANDLER@@QEAA@XZ
?FindString@MULTISZ@@QEAAHPEBG@Z
?CopyA@STRU@@QEAAJPEBD@Z
PuCreateDebugPrintsObject
PuLoadDebugFlagsFromRegStr
IISGetPlatformType
??1STRU@@QEAA@XZ
??1BUFFER@@QEAA@XZ
PuDeleteDebugPrintsObject
?FindString@MULTISZA@@QEAAHPEBD@Z
??0STRA@@QEAA@PEADK@Z
??0BUFFER@@QEAA@PEAEK@Z
??1STRA@@QEAA@XZ
?Copy@STRA@@QEAAJPEBDK@Z
?Copy@STRA@@QEAAJPEBD@Z
??0STRU@@QEAA@XZ
??0BUFFER@@QEAA@XZ
??0STRA@@QEAA@XZ
??1MULTISZ@@QEAA@XZ
??0MULTISZ@@QEAA@XZ
??1MULTISZA@@QEAA@XZ
??0MULTISZA@@QEAA@XZ
?Resize@BUFFER@@QEAA_NK@Z
uuencode
?Append@STRA@@QEAAJPEBD@Z
?Equals@STRA@@QEBA_NPEBD@Z
?CopyW@STRA@@QEAAJPEBG@Z
?EqualsNoCase@STRA@@QEBA_NPEBD@Z
PuDbgPrint
?Alloc@ALLOC_CACHE_HANDLER@@QEAAPEAXXZ
?Free@ALLOC_CACHE_HANDLER@@QEAAHPEAX@Z
uudecode
?Append@STRA@@QEAAJPEBDK@Z
?Copy@STRU@@QEAAJPEBG@Z
?CopyWTruncate@STRA@@QEAAJPEBG@Z
DisableTokenBackupPrivilege
AdjustTokenIntegrityLevel
??0STRU_PATH@@QEAA@G@Z
??1STRU_PATH@@QEAA@XZ
?RetrieveSystemDir@STRU_PATH@@QEAAJXZ
?Append@STRU@@QEAAJPEBG@Z
?Resize@STRU@@QEAAJK@Z
?SyncWithBuffer@STRU@@QEAAXXZ
?Append@STRU@@QEAAJAEBV1@@Z
??0STRU@@QEAA@PEAGK@Z
?AppendA@STRU@@QEAAJPEBD@Z
?EqualsNoCase@STRU@@QEBA_NPEBG@Z
?Append@MULTISZ@@QEAAHPEBG@Z
?AppendW@MULTISZA@@QEAAHPEBG@Z
?Copy@STRU@@QEAAJPEBGK@Z
?Append@MULTISZ@@QEAAHAEAVSTRU@@@Z

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

RegisterModule

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74c2560479be0fa900458f7e947c19f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

sspicli

api-ms-win-core-debug-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

iisutil

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 260B