AppointmentActivation[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AppointmentActivation.dll
Size

116KB
MD5

e580202076ff943eedf20f4d2f3dd450
SHA1

5eceb73d0594be427b02c38e0e0f7bb3555bba36
SHA256

0f8df5a12beb1729f14f6b1dcc2b8a2656e7290eb8fdcb940d38f9aa849aac05
SHA512

12da2f815ed6ad6a4664b04abd5dae8227aea0578036d869fd6c39cac8ec2c0814c3369b67ff64292841876a9e8ad2b856712e3c595ee510fb85b83b9812d100
SSDEEP

3072:KvctryFoh7wBy5n96nUII1fG765zwP5s:nH7/XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppointmentActivation.dll

Files

AppointmentActivation.dll
.dll windows:10 windows x86 arch:x86

4ff280a069307dab6ef4d91a872e96c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppointmentActivation.pdb

Imports

msvcrt

free
malloc
wcscspn
memcpy_s
wcsrchr
_callnewh
_XcptFilter
wcstoul
_wcstoui64
wcsstr
_amsg_exit
_wcstoi64
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_except_handler4_common
wcsncmp
_purecall
_vsnwprintf
_vsnwprintf_s
_errno
memmove
_lock
_initterm
memcmp
memcpy
memset

rpcrt4

CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
HSTRING_UserSize
HSTRING_UserFree
HSTRING_UserMarshal
WindowsCreateStringReference
WindowsIsStringEmpty
HSTRING_UserUnmarshal
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsSubstringWithSpecifiedLength

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-2-0

CreateEventExW
AcquireSRWLockShared
LeaveCriticalSection
InitializeSRWLock
SetEvent
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
Sleep
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
TryAcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-1

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoWaitForMultipleObjects
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoReleaseMarshalData
RoGetAgileReference

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlEscapeW

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction4
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction5
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient10
CStdStubBuffer2_CountRefs
ObjectStublessClient9
NdrProxyForwardingFunction3
ObjectStublessClient8
ObjectStublessClient6
CStdStubBuffer2_Connect

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

AwaitAppointmentActivation
DeserializeActivationArgs
DeserializeAppointment
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetAddAppointmentArgument
GetCalendarChooserArgument
GetLegacyAppointmentDetailsArgumentString
GetProxyDllInfo
GetRemoveAppointmentArgument
GetReplaceAppointmentArgument
GetWindowIdOfHost
ReleaseActivationArgs
SerializeAppointmentIdsResult
SerializeCalendarIdResult
ShowAddAppointment
ShowAddAppointmentAsync
ShowAppointmentDetails
ShowCalendarChooser
ShowCalendarChooserAsync
ShowRemoveAppointment
ShowRemoveAppointmentAsync
ShowReplaceAppointment
ShowReplaceAppointmentAsync
ShowTimeFrame

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff280a069307dab6ef4d91a872e96c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 99KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB