Geolocation[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

Geolocation.dll
Size

347KB
MD5

29f2ab95f69d1a87ef88baa883133001
SHA1

f282024c2f66a17e57a89cab28da368dcb98c6d9
SHA256

d40918bb3596f896f589dd3494507ea3926489a922bc62c086fca21a6b6548ed
SHA512

c9e8c9f6dec12c83f4e738c52a3c7f539d1f8669778b5056d85c270cc9e65f87f4c85c93fb4f438c727232b293bb2968b04b151ece7392b21a64d1715716a322
SSDEEP

6144:cQZcvuqEn8qmon2xqkvEW6ij4wxeG4Pt:nZcGZ8qmAQqkvEW6isueG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Geolocation.dll

Files

Geolocation.dll
.dll windows:10 windows x86 arch:x86

3981b0247ac5521afe7913cd863d94b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Geolocation.pdb

Imports

msvcp110_win

?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xbad_function_call@std@@YAXXZ
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
_Nan
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcrt

wcsnlen
memmove_s
realloc
_isnan
memcpy
memcmp
_ftol2
_CxxThrowException
_CIfmod
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s
memmove
_vsnwprintf
??_V@YAXPAX@Z
??3@YAXPAX@Z
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleHandleExW
LoadStringW
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

AcquireSRWLockShared
DeleteCriticalSection
CreateMutexExW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateEventExW
OpenSemaphoreW
Sleep
SetEvent
CreateSemaphoreExW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
InitOnceExecuteOnce
CreateEventW
ReleaseSRWLockShared
InitializeSRWLock
OpenEventW
WaitForSingleObject
ReleaseMutex

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserSize
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
HSTRING_UserFree
WindowsDuplicateString
HSTRING_UserUnmarshal
WindowsGetStringLen

api-ms-win-core-com-l1-1-1

CoReleaseMarshalData
CoTaskMemFree
CoUninitialize
CoDecrementMTAUsage
CoMarshalInterface
CoGetCallerTID
CoIncrementMTAUsage
CoQueryProxyBlanket
RoGetAgileReference
CoInitializeEx
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetApartmentType

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventWrite

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TlsGetValue
OpenThreadToken
GetCurrentProcessId
OpenProcessToken
CreateThread
TlsAlloc
GetCurrentThread
OpenProcess
SetThreadToken
TlsSetValue
GetCurrentThreadId
TlsFree
TerminateProcess

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoReportFailedDelegate
SetRestrictedErrorInfo
IsErrorPropagationEnabled
RoOriginateError
RoTransformError

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetUserGeoID
GetGeoInfoW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlQueryPackageIdentityEx
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlReportException
NtQuerySystemInformation

combase

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
ord9
ord16
CStdStubBuffer_CountRefs
ord7
ord5
ord33
CStdStubBuffer_AddRef
ord32
ord12
ord6
CStdStubBuffer2_Disconnect
ord15
ord2
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
ord10
ord13
ord11
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
CStdStubBuffer2_Connect
CStdStubBuffer_Connect
ord17
ord14
CStdStubBuffer_Disconnect
CStdStubBuffer2_QueryInterface
ord8
ord34

biwinrt

BiRtDeleteEventForApp
BiRtCreateEventForApp

api-ms-win-core-psm-app-l1-1-0

PsmQueryCurrentAppState

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-security-base-l1-2-0

RevertToSelf
GetTokenInformation
ImpersonateSelf

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolWait
CallbackMayRunLong
CloseThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

userenv

UnloadUserProfile

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

rpcrt4

IUnknown_Release_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrStubCall2
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
NdrOleAllocate

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3981b0247ac5521afe7913cd863d94b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

ntdll

combase

biwinrt

api-ms-win-core-psm-app-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

userenv

api-ms-win-core-string-l1-1-0

api-ms-win-core-quirks-l1-1-0

rpcrt4

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-rtlsupport-l1-2-0

Exports

Exports

Sections

.text Size: 307KB - Virtual size: 307KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 307KB - Virtual size: 307KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB