eapphost[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

eapphost.dll
Size

252KB
MD5

3e85443a7c0d4141bd7dcc0319c5b1d4
SHA1

188cdc7644ce207b21484a8994eb9ebdc4248d57
SHA256

5fab311128242efbc40204c83df53f6600cb3426458249750e343a84c506681e
SHA512

5707a74c41ab5d96ed86c90d0c68e003dc7a1ff82a42e8768ab7f00fdde458fa37162416b24d3e32799bd1836a7d8fb666f1956b0bc4fc4e24e676eb6924d3d6
SSDEEP

6144:JRpLYxcqt0YxJdr1h9NoAiOJlK0jvNT9xuRo4otg6bNZ:Jj0x1txn1TNoAiOJlJbwzoxH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eapphost.dll

Files

eapphost.dll
.dll regsvr32 windows:10 windows x86 arch:x86

4917847191f0f4ab3748f4642eecf616

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eapphost.pdb

Imports

msvcrt

memcmp
_wsetlocale
__crtLCMapStringA
_wcsdup
realloc
abort
islower
isupper
memset
_ismbblead
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
_unlock
_XcptFilter
_lock
_amsg_exit
_initterm
setlocale
__uncaught_exception
?terminate@@YAXXZ
memmove
memcpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_CxxThrowException
_except_handler4_common
wcsrchr
__RTtypeid
?name@type_info@@QBEPBDXZ
strcspn
localeconv
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
sprintf_s
??0exception@@QAE@ABQBD@Z
_wcsicmp
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_wtol
_vsnwprintf
_vsnprintf
swprintf_s
memmove_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnprintf_s
calloc
wcsncpy_s
__pctype_func
malloc
free
memcpy_s
wcscpy_s
_purecall
__CxxFrameHandler3

ntdll

EtwTraceMessage
DbgPrint
EtwEventEnabled
WinSqmSetDWORD
WinSqmAddToStream
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
GetHandleInformation
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree
CredProtectW
CredDeleteW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
CreateMutexExW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LoadResource
GetModuleFileNameA
GetModuleHandleW
GetModuleFileNameW
SizeofResource
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
FindResourceExW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegLoadMUIStringW
RegQueryValueExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrOleAllocate
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient11
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient4
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient3
ObjectStublessClient8
ObjectStublessClient16

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree
GetProcessHeap

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetSystemDirectoryW
GetSystemInfo

ncrypt

NCryptSetProperty
NCryptFreeObject
NCryptOpenStorageProvider

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitializeEapHost
OnSessionChange
StopServiceOnLowPower
UninitializeEapHost

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4917847191f0f4ab3748f4642eecf616

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-credentials-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

ncrypt

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

wkscli

netutils

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 218KB

.data Size: 7KB - Virtual size: 10KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 84B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 219KB - Virtual size: 218KB

.data
Size: 7KB - Virtual size: 10KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 84B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB