AppxSip[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

AppxSip.dll
Size

242KB
MD5

0632e0c9ca5b3e84433934280b939cb7
SHA1

baa77168aba975ea751c095471a0945c66eecd38
SHA256

9474aaeda9320c71ee99fd7f4cc147157e9dbb41b3f6d12ce18f56d461b64148
SHA512

1f1a9f2484bf39154bd811ab46c32b915e780179325934a712b46f9479a003973a380376cbeeeaec438109a24bc32a7173afd103d24a7f404617cdbaf26efb09
SSDEEP

6144:ifBG4+XIXXY5w2bZyHqy+Mt5jp3zQDsjMRM5mA4:UGrCIjcmM/jOsb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppxSip.dll

Files

AppxSip.dll
.dll regsvr32 windows:10 windows x86 arch:x86

f499137b42506a385999f87abfbc5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppxSip.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__strnicmp
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
wcschr
wcsstr
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
wcsrchr
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
DeleteCriticalSection
CreateMutexExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-1-0

LoadResource
SizeofResource
LockResource
LoadLibraryExA
FreeLibrary
GetProcAddress
LoadLibraryExW
FindStringOrdinal
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

ntdll

RtlNtStatusToDosError
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlReportException
NtQuerySystemInformation
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlSetLastWin32Error
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlNumberGenericTableElementsAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileAttributesW
DeleteFileW
DeleteFileA
CreateFileW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

opcservices

ord8
ord15
ord16
ord12

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
FileTimeToDosDateTime
CopyFileW
FindResourceW

api-ms-win-core-file-l2-1-0

MoveFileExW
ReplaceFileW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

Exports

Exports

AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f499137b42506a385999f87abfbc5e1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-0

opcservices

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 217KB - Virtual size: 217KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 220B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 217KB - Virtual size: 217KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 220B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 9KB - Virtual size: 8KB