AppxSip.pdb
Static task
static1
Behavioral task
behavioral1
Sample
AppxSip.dll
Resource
win10v2004-20240508-en
General
Target
AppxSip.dll
Size
149KB
MD5
8b31dc83cbbd49a27c53c6f2fa358f72
SHA1
c832d534acf2b0ee7d23cd5b8669094ba33c2c49
SHA256
6f679f5fbadd5efdd95c2ba23ccc65b6687592217ffa3063197143f69df8691d
SHA512
06974d98388ca8dcac24b119b0e5ef5e9e826f82fc480712351e3ed095cf03e01133f9c3b95fd336d7f38d24b205a11e1c9560a1702c57a73f24c22f84d37736
SSDEEP
3072:CDDhn4yD7/2GoOt9ykjsXbNcWsp5FwfL1D4hCx7ISYyHM60nRVgnW:+h4yD7OGlixD4hc7IsoPV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource AppxSip.dll
Files
AppxSip.dll.dll regsvr32 windows:10 windows x86 arch:x86
9a779bd69546e3c367fefd86ec9d11da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlAllocateHeap
memmove
RtlNtStatusToDosError
RtlFreeHeap
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
_vsnwprintf
qsort
RtlNumberGenericTableElementsAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
wcsrchr
_strnicmp
RtlDeleteCriticalSection
memcpy_s
_chkstk
memcmp
memcpy
memset
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWrite
EventUnregister
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
api-ms-win-core-com-l1-1-0
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-localization-l1-2-0
FormatMessageW
crypt32
CryptSIPRemoveProvider
CryptSIPAddProvider
CryptFindOIDInfo
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptEncodeObject
CertNameToStrW
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateFileW
DeleteFileA
GetFileAttributesW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
CompareStringEx
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-libraryloader-l1-1-0
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
opcservices
ord15
ord16
ord12
api-ms-win-core-kernel32-legacy-l1-1-0
FileTimeToDosDateTime
DosDateTimeToFileTime
CopyFileW
api-ms-win-core-file-l2-1-0
ReplaceFileW
MoveFileExW
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
Exports
AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData
Sections
.text Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ