ActivationManager[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ActivationManager.dll
Size

326KB
MD5

468521d990c354a90a9de03245cc174e
SHA1

8747dced5d3d336e3baffc0426aaf590f25387b7
SHA256

2176f2a4d372f2ab7527a3e8b27877bd22389f0df03f55fd45a0728795eaf6eb
SHA512

4aa8aff08b46e1f0f37e25ca14bf311dcbe1e5b15d67faa58172e4abecfe8b767d43fb5722e206dd0db4312d1ca1de08a67cfba494008a9efc6035f491ecbc7b
SSDEEP

6144:PMS7qxaUAzphLpaNk2MFifcoDaexDoObktKXmgVQ8j3steo:P77qxaU7NggZxkVhgQ8or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActivationManager.dll

Files

ActivationManager.dll
.dll windows:10 windows x86 arch:x86

55e5480218e15bd408708190ae5991a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActivationManager.pdb

Imports

msvcrt

__crtLCMapStringW
_wcsdup
_get_current_locale
realloc
abort
__uncaught_exception
memset
_ismbblead
_errno
___mb_cur_max_func
_free_locale
___lc_codepage_func
___lc_handle_func
__pctype_func
setlocale
??0exception@@QAE@ABQBDH@Z
memcpy
_CxxThrowException
wcsrchr
wcscspn
memmove_s
_callnewh
?what@exception@@UBEPBDXZ
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
memmove
??0exception@@QAE@XZ
memcmp
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
free
??3@YAXPAX@Z
memcpy_s
_except_handler4_common
__CxxFrameHandler3
??1type_info@@UAE@XZ
_vsnwprintf
_onexit
malloc
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_purecall
calloc
??_V@YAXPAX@Z

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
CreateEventW
ReleaseSemaphore
SetEvent
ResetEvent
InitializeCriticalSection
AcquireSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
ReleaseMutex
Sleep
WaitForSingleObject
CreateEventExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
TlsFree
TlsGetValue
GetCurrentProcess
CreateThread
TlsAlloc
TerminateProcess
GetCurrentThread
OpenThreadToken
GetThreadId
GetProcessId

api-ms-win-core-localization-l1-2-1

FormatMessageW
LCMapStringW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-com-l1-1-1

CoSetProxyBlanket
CoImpersonateClient
CoRevertToSelf
CoTaskMemAlloc
RoGetAgileReference
CoMarshalInterThreadInterfaceInStream
CoGetCallContext
CoCreateInstance
CoReleaseMarshalData
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetStdMarshalEx
CoWaitForMultipleHandles
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoGetApartmentType
CoUninitialize
CoTaskMemRealloc
CoRegisterClassObject
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CoTaskMemFree

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventWrite
EventRegister
EventUnregister

api-ms-win-core-winrt-error-l1-1-1

SetRestrictedErrorInfo
RoOriginateError
RoGetMatchingRestrictedErrorInfo
RoTransformError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRevokeActivationFactories
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegOpenCurrentUser

api-ms-win-shcore-thread-l1-1-0

SHCreateThread
SHCreateThreadRef
SHGetThreadRef
SHSetThreadRef

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-errorhandling-l1-1-3

RaiseFailFastException

ntdll

NtOpenProcessTokenEx
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
RtlIsMultiSessionSku

oleaut32

SysFreeString
SysAllocString

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-appmodel-identity-l1-2-0

AppXGetOSMaxVersionTested

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
GetPackageFamilyName
PackageFamilyNameFromFullName
GetStagedPackageOrigin
FindPackagesByPackageFamily
GetPackageFullName

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-security-base-l1-2-0

DuplicateTokenEx
GetTokenInformation
CheckTokenMembershipEx
CreateWellKnownSid

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-appmodel-runtime-internal-l1-1-3

GetPackageStatusForUser

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient

api-ms-win-appmodel-runtime-l1-1-2

GetPackageFullNameFromToken

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrCmpLogicalW
StrCmpIW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

combase

ord140
ord65
ord79

coremessaging

MsgRelease
MsgStringCreateShared
MsgBlobCreateShared
CoreUICreate

coreuicomponents

CoreUIFactoryCreate
CoreUICreateICoreWindowFactory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-appmodel-state-l1-2-0

GetSystemAppDataKey
OpenStateExplicit
CloseState

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55e5480218e15bd408708190ae5991a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-errorhandling-l1-1-3

ntdll

oleaut32

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-appmodel-identity-l1-2-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-security-capability-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-3

api-ms-win-core-libraryloader-l1-2-2

rpcrt4

api-ms-win-appmodel-runtime-l1-1-2

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-string-l1-1-0

combase

coremessaging

coreuicomponents

api-ms-win-core-apiquery-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-appmodel-state-l1-2-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 293KB - Virtual size: 293KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 293KB - Virtual size: 293KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB