fveapibase[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

fveapibase.dll
Size

346KB
MD5

cdb23de8e59cd1855335c14e51cd6779
SHA1

9d542b777434bc6e549213930e0b57362b3bbabb
SHA256

8bc60d320cdf53e86ab3b57ef4cd2fdd084e4072ea32614c49f2414d55e2db90
SHA512

5fc4c5b6e0cc88b553d6b124244e48f5761a35b79cd6b1210ff9687912dca2835157bb67bfe3e2d6822e611c9616276f49a48fd10a5a7756e9084c8dd18262bc
SSDEEP

6144:dRWG+PzU8f/VZUJVUrC9GJ+u1FvBPnblMPrwX/OSTFId1Ke:XdcZUcWTKPnbSDwjWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fveapibase.dll

Files

fveapibase.dll
.dll windows:10 windows x86 arch:x86

4748b39fa738d7b9b57a67f4e028791e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fveapibase.pdb

Imports

msvcrt

wcschr
memcpy
memcmp
_vsnwprintf
_wcsicmp
_purecall
memcpy_s
toupper
__CxxFrameHandler3
??1type_info@@UAE@XZ
memmove_s
iswdigit
wcstoul
_strnicmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_stricmp
free
_amsg_exit
_XcptFilter
_callnewh
malloc
memset

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
SetThreadToken
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
TlsFree
TlsGetValue
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

bcd

BcdOpenObject
BcdOpenSystemStore
BcdCloseStore
BcdCloseObject
BcdQueryObject
BcdGetElementData
SyspartGetSystemPartition

bcrypt

BCryptCreateHash
BCryptHashData
BCryptDecrypt
BCryptDestroyHash
BCryptFinishHash
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptGetFipsAlgorithmMode
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

tbs

Tbsi_GetDeviceInfo
Tbsi_Get_TCG_Log
Tbsi_Context_Create
Tbsip_Context_Close
Tbsip_Submit_Command_NonBlocking

fveapi

FveGetSecureBootBindingState

ntdll

NtPowerInformation
RtlCheckPortableOperatingSystem
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlCompareMemory
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtQueryWnfStateData
RtlFreeUnicodeString
RtlStringFromGUID
NtClose
NtQueryValueKey
NtOpenKey
EtwEventWrite
EtwEventUnregister
EtwEventRegister
NtQueryVolumeInformationFile
NtQuerySystemInformation
RtlSetThreadErrorMode
RtlNtStatusToDosError
RtlUnsubscribeWnfStateChangeNotification

rpcrt4

UuidCreate

api-ms-win-core-registry-l1-1-0

RegLoadKeyW
RegUnLoadKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegGetValueA
RegCloseKey

api-ms-win-security-base-l1-1-0

RevertToSelf
AdjustTokenPrivileges
DuplicateTokenEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetLogicalDrives
GetVolumeInformationW
SetFileAttributesW
FindNextVolumeW
CreateFileW
WriteFile
GetFileSizeEx
GetDriveTypeW
GetFileAttributesW
FindFirstFileW
GetDiskFreeSpaceW
FindFirstVolumeW
SetFilePointerEx
FlushFileBuffers
ReadFile
FindClose
DeleteFileW
FindVolumeClose

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
SetEvent
CreateEventW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

ncrypt

NCryptUnprotectSecret
NCryptCloseProtectionDescriptor
NCryptProtectSecret
NCryptCreateProtectionDescriptor
NCryptGetProtectionDescriptorInfo

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

crypt32

CertVerifyCertificateChainPolicy
CertGetEnhancedKeyUsage
CryptDecodeObjectEx

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

CLSIDFromString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

FveAuthElementFromPassPhraseW
FveAuthElementFromPinW
FveAuthElementFromRecoveryPasswordW
FveAuthElementGetKeyFileNameW
FveAuthElementReadExternalKeyW
FveAuthElementToRecoveryPasswordW
FveAuthElementWriteExternalKeyW
FveCanPinExceptionPolicyBeApplied
FveClearUserFlags
FveCloseHandle
FveCloseVolume
FveCommitChanges
FveCommitChangesEx
FveConversionDecrypt
FveConversionDecryptEx
FveConversionPause
FveConversionResume
FveConversionStop
FveConversionStopEx
FveDiscardChanges
FveEnableRawAccess
FveEraseDrive
FveFindFirstVolume
FveFindNextVolume
FveGetAllowKeyExport
FveGetAuthMethodGuids
FveGetAuthMethodInformation
FveGetDataSet
FveGetFipsAllowDisabled
FveGetFveMethod
FveGetFveMethodEDrv
FveGetFveMethodEx
FveGetIdentity
FveGetKeyPackage
FveGetStatus
FveGetStatusW
FveGetUserFlags
FveGetVolumeNameW
FveIsHardwareReadyForConversion
FveIsRecoveryPasswordGroupValidW
FveIsRecoveryPasswordValidW
FveIsVolumeEncryptable
FveLockVolume
FveNotifyVolumeAfterFormat
FveOpenVolumeByHandle
FveOpenVolumeExW
FveOpenVolumeW
FveQuery
FveRevertVolume
FveSelectBestRecoveryPasswordByBackupInformation
FveSetAllowKeyExport
FveSetFipsAllowDisabled
FveSetFveMethod
FveSetRecoveryPasswordBackupInformation
FveSetUserFlags
FveUpgradeVolume
InternalFveIsVolumeEncrypted

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4748b39fa738d7b9b57a67f4e028791e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

bcd

bcrypt

tbs

fveapi

ntdll

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ncrypt

api-ms-win-core-file-l1-2-0

api-ms-win-core-memory-l1-1-0

crypt32

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Exports

Exports

Sections

.text Size: 319KB - Virtual size: 318KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 319KB - Virtual size: 318KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB