ActionCenter[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ActionCenter.dll
Size

259KB
MD5

21aeefdb9510320ca6dfc0049184898b
SHA1

02d10ec665465e8ff6df4b60c8a3541934b1ae29
SHA256

a426056d1ca214917d51922e117830ddc999a3587e174438c3807bb2c4056280
SHA512

ef2176c2c828423458e7ec9e5c36317ce9e84686e95e6bc4975ead984ff938f80a6625724b061280dd83e633a4c09798913105b0394988c0e9cc338c6a09972b
SSDEEP

3072:kVgEmHk8U+YvkspNKbX0UkJzaeegTBp6XTTYXfQqsslaWwQVLQAQgh02dv5MWaIE:kaw7NKwBRF9TBpUv3fEn6dgb1ak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActionCenter.dll

Files

ActionCenter.dll
.dll windows:10 windows x86 arch:x86

7ee42119139468be6847fd949662d30a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActionCenter.pdb

Imports

msvcrt

_except_handler4_common
__CxxFrameHandler3
_onexit
free
_unlock
_lock
_initterm
_amsg_exit
memcpy
memcmp
strchr
isdigit
_XcptFilter
_callnewh
_purecall
memcpy_s
malloc
_vsnwprintf
__dllonexit
memset

shell32

ord100
ShellExecuteExW
SHQueryUserNotificationState

shlwapi

ord635
ord158
HashData
StrCmpW
StrCmpIW
SHRegGetValueW
ord278
ord219
StrChrW
StrStrW
ord631
PathParseIconLocationW

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerQueryInterface

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleFileNameA
LoadStringW
LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-errorhandling-l1-1-1

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW
LoadLibraryA

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
WaitForSingleObject
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW
InitializeCriticalSection
InitOnceBeginInitialize
CreateSemaphoreExW
Sleep
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
AcquireSRWLockShared
DeleteCriticalSection

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventWrite
EventUnregister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CoGetMalloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient14
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient9
ObjectStublessClient12
ObjectStublessClient8

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
HWND_UserSize

comctl32

ord336
ord328
ord334
ord386
ord329
ord332
ord335

ntdll

WinSqmAddToStream
WinSqmAddToStreamEx

user32

DefWindowProcW
GetWindowLongW
SetTimer
PostMessageW
SendMessageW
KillTimer

wevtapi

EvtSeek
EvtNext
EvtCreateRenderContext
EvtRender
EvtCreateBookmark
EvtUpdateBookmark
EvtSubscribe
EvtClose
EvtQuery

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ee42119139468be6847fd949662d30a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

rpcrt4

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

crypt32

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-marshal-l1-1-0

comctl32

ntdll

user32

wevtapi

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 208KB - Virtual size: 207KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 12KB - Virtual size: 12KB