AppXDeploymentClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppXDeploymentClient.dll
Size

735KB
MD5

983d5c60842e0a7ce78a84891fd60d2b
SHA1

9771711475ed53bb394a92969d32d67a1b5a7427
SHA256

4151eb0ab5fefcd891a19b64471d3167e66a5aa2b8b3dd2cd236c89f8f4f6f49
SHA512

8515b4cb284d3a60e868605999753e625d97677aea41191cf998e41b71572e3a75a3ba0ad4581eb8c04a2a9c5bc9b8b5cdcaacb875cbf6d53214769adbbea685
SSDEEP

12288:N+vdjwBDRwxDX3xZ8eO5j9GucrVwF7jve7KxmoYABHO8pXvU6sB+VMu4E:N+vdjTDX3P8eOT0xIn27KMoYgU6sB+u4

Score

1^/10

Malware Config

Signatures

Files

AppXDeploymentClient.dll
.dll windows:10 windows x86 arch:x86

e1b866cf77df98ca74a4a2ccc0473d44

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:d1:f4:81:70:de:1a:09:8d:61:07:c8:56:3e:b9:de:1d:0b:06:c8:36:60:18:5e:21:6e:51:a7:88:ae:41:c2
Signer

Actual PE Digest

7b:d1:f4:81:70:de:1a:09:8d:61:07:c8:56:3e:b9:de:1d:0b:06:c8:36:60:18:5e:21:6e:51:a7:88:ae:41:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppXDeploymentClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memmove_s
memset

ntdll

RtlInitializeCriticalSection
NtQuerySystemInformation
RtlReportException
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlFreeHeap
NtQueryInformationFile
NtQueryInformationProcess
RtlDeleteCriticalSection
NtSetInformationThread
RtlIsMultiUsersInSessionSku
RtlInitializeSRWLock
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
NtClose
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlAllocateHeap
RtlReleaseSRWLockExclusive
RtlAllocateAndInitializeSid
RtlAcquireSRWLockExclusive
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlFreeSid
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
NtQueryInformationThread
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInitializeGenericTableAvl
RtlDowncaseUnicodeString
RtlQueryPackageClaims
RtlCompareUnicodeString
RtlInitUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
NtSetInformationVirtualMemory

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadStringW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
ResetEvent
CreateEventExW
ReleaseSRWLockShared
SetEvent
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SleepEx
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SetThreadToken
GetProcessId
OpenProcessToken
GetCurrentThread
OpenThreadToken
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
UuidCreate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrOleAllocate
NdrStubCall2
CStdStubBuffer_DebugServerRelease
I_RpcExceptionFilter
IUnknown_Release_Proxy
RpcBindingBind
RpcBindingCreateW
RpcServerInqCallAttributesW
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
CStdStubBuffer_Disconnect
RpcAsyncCancelCall
RpcAsyncCompleteCall
CStdStubBuffer_AddRef
NdrClientCall4
RpcStringFreeW
NdrAsyncClientCall2
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrOleFree
CStdStubBuffer_Invoke
UuidToStringW
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
RpcBindingUnbind
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient17
ObjectStublessClient21
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient24
ObjectStublessClient13
ObjectStublessClient25
ObjectStublessClient9
ObjectStublessClient16
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient26
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
NdrProxyForwardingFunction3

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoSetErrorReportingFlags
RoTransformError
RoOriginateError

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetCallContext
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoDecrementMTAUsage
CoGetCallerTID
CoIncrementMTAUsage
CoReleaseMarshalData
CoMarshalInterface
StringFromGUID2

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringEx

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetLocalTime
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CompareFileTime
GetDiskFreeSpaceExW
CreateDirectoryW
GetFileAttributesW
FindClose
GetDiskFreeSpaceW
DeleteFileW
GetDriveTypeW
CreateFileW
GetFullPathNameW
SetFileAttributesW
WriteFile
FindFirstFileW
GetVolumePathNameW
FindNextFileW
GetVolumeInformationW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchCombine
PathCchSkipRoot
PathCchRemoveBackslash

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualProtect
CreateFileMappingW
VirtualQuery
UnmapViewOfFile

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppInstallerUpdateAllTask
AppxAddPackageToAllUserStoreForPbr
AppxCleanupOrphanPackages
AppxCleanupSystemAppsMigratedToFOD
AppxCleanupWCIReparsePoints
AppxCreateSharedLocalFolder
AppxCreateSharedLocalFolderForFamilyName
AppxDeletePackageFiles
AppxDestagePackage
AppxDoesSharedLocalFolderExistForFamilyName
AppxGetPackageInstalledLocation
AppxGetStagedPackageFullNameFromFamilyName
AppxIsStagedPackageStoreSigned
AppxPackageRepositoryRecoverStagedPackages
AppxPackageRepositoryRecoverUserInstalls
AppxPreRegisterAllInboxPackages
AppxPreRegisterPackage
AppxPreStageCleanupRunTask
AppxRecoverUserInstallsForUpgrade
AppxRegisterPackage
AppxRemoveAllPackagesForUserSid
AppxRemovePackageForAllUsers
AppxRemovePackageForUserSid
AppxRequestRemovePackageForUser
AppxStagePackage
AppxValidatePackages
AppxValidatePackagesWithOptions
CheckAppInstallerUpdateAvailability
CheckComCallerHasCapabilities
CheckForUpdatesAndWaitForInstallerIfNeeded
CleanupProfileForUser
ClientDeleteAllPackagesFromMainPackageArray
ClientGetAllPackagesToBeInstalledForUser
CreateCanonicalPriFile
DeleteApplicabilityInfoArray
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnsurePackageFamiliesAreRegisteredInContainer
EnsurePackageFamilyIsRegisteredBeforeActivation
FixJunctionsForAppsIfNecessary
GeneratePreInstalledPriFiles
GetApplicability
GetApplicability2
GetApplicability4
GetApplicability5
GetBundleApplicablePackages
GetMetadataRootForPackage
GetNotificationPayload
GetNotificationPayloadForUser
GetPackageApplicabilityForUserLogon
GetPackageRegistrationStatusForUser
GetPackageRegistrationStatusForUserAndDefaultAccount
HasPackageFamilyBeenRegisteredForUser
IsPackageInstalled
IsPackageMetadataUnderSystemMetadata
IsSharedAppsEnabled
NotifyPackageStatusChanged
PopulateProtocolAndFTA
PreRegisterPackagesInContainer
RDSRecoverRequests
ReArmAppxPreStageCleanupTask
RegisterNotification
RegisterNotificationForUser
RemovePackageFromContainer
RepairPackageFileAcls
RequestContentGroups
RequestContentGroupsForFullTrust
UnregisterNotification
UnregisterNotificationForUser
UpdateAgentCancelAllDownloads
UpdateAgentCreateDownload
UpdateAgentFreeDownloadRanges
UpdateAgentGetDownloadRanges
UpdateAgentGetDownloadingPackageCount
UpdateDataSourceAddRange
UpdateDataSourceCancelRun
UpdateDataSourceRegister
UpdateDataSourceRun
VerifyPackage

Sections

.text
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1b866cf77df98ca74a4a2ccc0473d44

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7b:d1:f4:81:70:de:1a:09:8d:61:07:c8:56:3e:b9:de:1d:0b:06:c8:36:60:18:5e:21:6e:51:a7:88:ae:41:c2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-path-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 648KB - Virtual size: 648KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 1024B - Virtual size: 844B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 39KB - Virtual size: 38KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7b:d1:f4:81:70:de:1a:09:8d:61:07:c8:56:3e:b9:de:1d:0b:06:c8:36:60:18:5e:21:6e:51:a7:88:ae:41:c2
Signer

.text
Size: 648KB - Virtual size: 648KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 1024B - Virtual size: 844B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 39KB - Virtual size: 38KB