PersonaX[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PersonaX.dll
Size

149KB
MD5

72aee147d7d676aa5518bb4f70a0fce0
SHA1

fe7add5b23ebb1c6dc5e5f6e2d0a36773a32d93b
SHA256

b91e69dbd4d7ee68e4609a6824a399ae7362cb19a3291dd8dc5f9e32d34de286
SHA512

ca055ddf3ea86fbf4799afb0a4e6d103eca1b56638a82571b89a72db1574aee3a64761f942fdf6b93605138bb703ad0ab1c459e94c1b6894e7895a24b1f5ceee
SSDEEP

3072:CM8WnozPqaZkcrPPDrgy5tF19Snpt+nmPcaKZToMFw5XRi7V8cEjyUPctEgN8nNE:CM8WnozqaRza28nNmZ+WfMEJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PersonaX.dll

Files

PersonaX.dll
.dll windows:6 windows x86 arch:x86

32f544b95f239e454814b3b2efd68514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PersonaX.pdb

Imports

msvcrt

wcslen
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
??1type_info@@UAE@XZ
_onexit
___lc_codepage_func
_vsnwprintf
_unlock
_free_locale
_get_current_locale
_lock
realloc
strchr
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
rand
calloc
___mb_cur_max_func
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
malloc
_ismbblead
memset
free
abort
_wcsdup
wcsstr
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
??3@YAXPAX@Z
memcpy_s
__crtCompareStringW
memmove
__dllonexit
__crtLCMapStringW
_callnewh
??0exception@@QAE@ABQBDH@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
setlocale
_errno
___lc_handle_func
___lc_collate_cp_func
__pctype_func

wincorlib

?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?UninitializeData@Details@Platform@@YGXH@Z
?InitializeData@Details@Platform@@YGJH@Z
?EventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
?EventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
?EventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
?EventSourceInitialize@Details@Platform@@YGXPAPAX@Z
??0DisconnectedException@Platform@@Q$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPAXII@Z
?__abi_make_type_id@@YGP$AAVType@Platform@@ABU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@P$AAV01@@Z
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNotImplementedException@@YGXXZ
??0Delegate@Platform@@Q$AAA@XZ
??0Object@Platform@@Q$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPAXII@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
?AlignedFree@Heap@Details@Platform@@SAXPAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
?CreateException@Exception@Platform@@SAP$AAV12@HP$AAVString@2@@Z
?get@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?__abi_translateCurrentException@@YGJ_N@Z
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?GetActivationFactory@Details@Platform@@YGJPAVModuleBase@1WRL@Microsoft@@PAUHSTRING__@@PAPAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YG_NPAVModuleBase@1WRL@Microsoft@@@Z

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceBeginInitialize
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseMutex
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f544b95f239e454814b3b2efd68514

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

wincorlib

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 3KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 3KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 8KB