hbaapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hbaapi.dll
Size

66KB
MD5

d96dda0022cc1760c4947150a025f4a5
SHA1

d2116ab9101c4352f7662ce517f3001f1b60b8ef
SHA256

1640b3e5a73d09ac3f1fe4ea1b548475b895c6213d6ba41869f649157e0158df
SHA512

a756d2e58c177feacc177cb1d3141a6e9f6e8aa6e788c372c88322652dff5431ec982515aac4e50942fdd98f4164a02fba973cef90945bd08de1016cea11a05f
SSDEEP

1536:jAgjA/dER1w+OO1S8WvZRpVFz0hPx+6POJVjJVjDQ/oke:jAgjOG1WOdWv/EPx+vTVfIo9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hbaapi.dll

Files

hbaapi.dll
.dll windows:10 windows x86 arch:x86

4f857022c910f93fcc049d42aaed2c29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

hbaapi.pdb

Imports

msvcrt

memcpy
_wcsicmp
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wcsnicmp
_vsnprintf
memset

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateMutexW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW

wmiclnt

WmiFileHandleToInstanceNameW
WmiCloseBlock
WmiQuerySingleInstanceW
WmiExecuteMethodW
WmiQueryAllDataW
WmiOpenBlock
WmiNotificationRegistrationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

HBA_CloseAdapter
HBA_FreeLibrary
HBA_GetAdapterAttributes
HBA_GetAdapterName
HBA_GetAdapterPortAttributes
HBA_GetBindingCapability
HBA_GetBindingSupport
HBA_GetDiscoveredPortAttributes
HBA_GetEventBuffer
HBA_GetFC4Statistics
HBA_GetFCPStatistics
HBA_GetFcpPersistentBinding
HBA_GetFcpTargetMapping
HBA_GetFcpTargetMappingV2
HBA_GetNumberOfAdapters
HBA_GetPersistentBindingV2
HBA_GetPortAttributesByWWN
HBA_GetPortStatistics
HBA_GetRNIDMgmtInfo
HBA_GetVendorLibraryAttributes
HBA_GetVersion
HBA_GetWrapperLibraryAttributes
HBA_LoadLibrary
HBA_OpenAdapter
HBA_OpenAdapterByWWN
HBA_RefreshAdapterConfiguration
HBA_RefreshInformation
HBA_RegisterForAdapterAddEvents
HBA_RegisterForAdapterEvents
HBA_RegisterForAdapterPortEvents
HBA_RegisterForAdapterPortStatEvents
HBA_RegisterForLinkEvents
HBA_RegisterForTargetEvents
HBA_RegisterLibrary
HBA_RegisterLibraryV2
HBA_RemoveAllPersistentBindings
HBA_RemoveCallback
HBA_RemovePersistentBinding
HBA_ResetStatistics
HBA_ScsiInquiryV2
HBA_ScsiReadCapacityV2
HBA_ScsiReportLUNsV2
HBA_SendCTPassThru
HBA_SendCTPassThruV2
HBA_SendLIRR
HBA_SendRLS
HBA_SendRNID
HBA_SendRNIDV2
HBA_SendRPL
HBA_SendRPS
HBA_SendReadCapacity
HBA_SendReportLUNs
HBA_SendSRL
HBA_SendScsiInquiry
HBA_SetBindingSupport
HBA_SetPersistentBindingV2
HBA_SetRNIDMgmtInfo
HbaGetAdapterNameByDeviceInstanceId
SMHBA_GetAdapterAttributes
SMHBA_GetAdapterPortAttributes
SMHBA_GetBindingCapability
SMHBA_GetBindingSupport
SMHBA_GetDiscoveredPortAttributes
SMHBA_GetFCPhyAttributes
SMHBA_GetLUNStatistics
SMHBA_GetNumberOfPorts
SMHBA_GetPersistentBinding
SMHBA_GetPhyStatistics
SMHBA_GetPortAttributesByWWN
SMHBA_GetPortType
SMHBA_GetProtocolStatistics
SMHBA_GetSASPhyAttributes
SMHBA_GetTargetMapping
SMHBA_GetVendorLibraryAttributes
SMHBA_GetVersion
SMHBA_GetWrapperLibraryAttributes
SMHBA_RegisterForAdapterAddEvents
SMHBA_RegisterForAdapterEvents
SMHBA_RegisterForAdapterPhyStatEvents
SMHBA_RegisterForAdapterPortEvents
SMHBA_RegisterForAdapterPortStatEvents
SMHBA_RegisterForTargetEvents
SMHBA_RegisterLibrary
SMHBA_RemoveAllPersistentBindings
SMHBA_RemovePersistentBinding
SMHBA_ScsiInquiry
SMHBA_ScsiReadCapacity
SMHBA_ScsiReportLuns
SMHBA_SendECHO
SMHBA_SendSMPPassThru
SMHBA_SendTEST
SMHBA_SetBindingSupport
SMHBA_SetPersistentBinding

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f857022c910f93fcc049d42aaed2c29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

wmiclnt

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB