SettingMonitor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SettingMonitor.dll
Size

152KB
MD5

16658bb0db79a7487a0e6121f73d3322
SHA1

3413111c8c9b80e60eaa6ca74ac683d3ff57200e
SHA256

e9f1eed79d663281dbf97fbbb6ff822b56c0703f0792bce3e06377d6d1a3fcbd
SHA512

370cbb05ec84cf9ba939ce80ed7fc5c0adb46c1d5abda84db7484cc1202faaa97cc13ea82d8676f36746967fd9b4c0a72f4e21fc1615d0176e7df77a015a3789
SSDEEP

3072:tgyR2syDYlJo0TZ6t48sSw6jz5c94yG/amUZ6rkjSUG:yyFXojt48sp9GUZ6rPUG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SettingMonitor.dll

Files

SettingMonitor.dll
.dll windows:10 windows x86 arch:x86

150593282896218c7d23db05b9b85695

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SettingMonitor.pdb

Imports

msvcrt

memcmp
_except_handler4_common
_CxxThrowException
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
iswalnum
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
_callnewh
??1type_info@@UAE@XZ
_vsnwprintf
free
memmove
_purecall
memcpy_s
__CxxFrameHandler3
memset

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shcore-registry-l1-1-1

SHDeleteValueW
SHSetValueW
SHGetValueW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitOnceExecuteOnce
AcquireSRWLockExclusive
SetEvent
CreateEventExW
DeleteCriticalSection
Sleep
EnterCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSectionEx
OpenEventW
ReleaseSRWLockExclusive
CreateEventW

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
TlsFree
GetCurrentProcess
TerminateProcess
CreateThread
TlsAlloc
GetCurrentThread
TlsSetValue

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW
LoadLibraryA

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CLSIDFromString
CoWaitForMultipleHandles
CoEnableCallCancellation
CoInitializeEx
CoGetMalloc
CoCancelCall
IIDFromString
CoCreateFreeThreadedMarshaler
RoGetAgileReference
CoRegisterClassObject
CoGetApartmentType
CoUninitialize
CoDisableCallCancellation
CoTaskMemAlloc
CoRevokeClassObject
PropVariantClear
CoTaskMemRealloc
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW

api-ms-win-core-file-l1-2-1

CompareFileTime

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWait
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolWait
CreateThreadpoolWork

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

ntdll

NtQueryInformationToken
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
NtPowerInformation

user32

DispatchMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterPowerSettingNotification
PeekMessageW
MsgWaitForMultipleObjectsEx
DestroyWindow
TranslateMessage
PostThreadMessageW
UnregisterPowerSettingNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

150593282896218c7d23db05b9b85695

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

ntdll

user32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 131KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 280B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 131KB - Virtual size: 131KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 280B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB