apircl[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

apircl.dll
Size

216KB
MD5

d53467bc936a14bcac37607228e695e8
SHA1

2bf5a2a13d369234f0821a16b3a53edea196aa89
SHA256

b485913971b314ee446473d7d4d63ca1d0d1a2d6aadcfeb8b592d678383b25f1
SHA512

124779de792c7f6f591a551943a64e474841e5fbccabc3d5f683bbb6db0972503fa3d1e7d5a5208a0c3583405888a52c499eba10a12ae5b76e9f3e5a960863f0
SSDEEP

6144:gdWWw4epgGYzP6D1sq+vmaZ21rjTyVx4KrWQaJp:g9ydD1sqE8LQrWQC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
apircl.dll

Files

apircl.dll
.dll regsvr32 windows:6 windows x86 arch:x86

e9bce653a38e88e3e5feb109e96591d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

apircl.pdb

Imports

msvcrt

isdigit
isspace
memcpy
_onexit
_lock
__dllonexit
_unlock
realloc
??1type_info@@UAE@XZ
_amsg_exit
_initterm
memmove
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
bsearch
qsort
_CIlog
_CIsqrt
??0exception@@QAE@ABQBD@Z
wcsstr
_CIlog10
_vsnwprintf
_errno
__CxxFrameHandler
malloc
free
memset
_purecall
_CxxThrowException

kernel32

GetWindowsDirectoryA
GetFileAttributesA
HeapValidate
UnmapViewOfFile
WriteFile
DeleteFileA
SetEvent
ResetEvent
GetTempPathA
CreateEventW
ExpandEnvironmentStringsW
CreateFileA
GetFileSize
CreateFileMappingW
CloseHandle
MapViewOfFile
GetTempFileNameA
ReadFile
SetFilePointer
WaitForSingleObject
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
Sleep
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
RaiseException
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLocaleInfoA
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DisableThreadLibraryCalls
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GlobalLock
GlobalFree
GlobalUnlock
GlobalReAlloc
LCMapStringW
lstrlenA
GetACP
GetVersionExW
CompareStringA

user32

UnregisterClassA
GetSystemMetrics
LoadStringW
CharNextW

advapi32

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ITUseDefaultObjectLookupOrder

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9bce653a38e88e3e5feb109e96591d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 10KB - Virtual size: 10KB