LocationApi[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

LocationApi.dll
Size

311KB
MD5

10c8325cdd43d9f623421ce71169a834
SHA1

0ea03f23b3a00b2dbc0c77c4fb1d269a339804a4
SHA256

0f54c77522f684d4ff79bdedf56dbad33237eba9dee06e46b23cd9f3ad6fa34c
SHA512

4a132ee15222e35ac873739fd2855105bf6f04524bb237531de1bb4abede1ee4da96372a3b3c9a1c0a1b35fdda8627b28968bb18a0d9142d19b99a08d0288e82
SSDEEP

6144:XNC7w80eKo0K2SNLDlEg0HM4RAO+fqdX0H:S0zKhVE/M4RkAX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LocationApi.dll

Files

LocationApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

c35c7d0c4306f868b3712cd7c6264043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

LocationApi.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ

msvcrt

__CxxFrameHandler3
memmove
_wcsicmp
_wmakepath_s
_wsplitpath_s
memcmp
_ftol2
_CxxThrowException
_CIsqrt
??3@YAXPAX@Z
_resetstkoflw
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
memset
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
calloc
_vsnwprintf
??_V@YAXPAX@Z
memcpy

oleaut32

RegisterTypeLi
SysFreeString
LoadTypeLi
UnRegisterTypeLi
BSTR_UserUnmarshal
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SysStringLen
VariantInit
LPSAFEARRAY_UserMarshal
BSTR_UserMarshal
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserSize

rpcrt4

CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient10
NdrProxyForwardingFunction6
ObjectStublessClient15
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient13
ObjectStublessClient4
NdrProxyForwardingFunction3
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient5
CStdStubBuffer2_Connect
ObjectStublessClient3
ObjectStublessClient11
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-localization-l1-2-1

GetGeoInfoW
GetUserGeoID
EnumSystemGeoID
SetThreadLocale
GetThreadLocale
FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
SetEvent
ReleaseSemaphore
EnterCriticalSection
OpenEventW
CreateSemaphoreExW
LeaveCriticalSection
AcquireSRWLockExclusive
CreateMutexExW
CreateMutexW
InitializeSRWLock
WaitForSingleObjectEx
AcquireSRWLockShared
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockShared
CreateEventW

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
PropVariantClear
CoSetProxyBlanket
CoCreateInstance
PropVariantCopy
StringFromGUID2
CLSIDFromString
CoTaskMemFree

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetKeySecurity
RegSetValueExW
RegDeleteKeyExW
RegGetValueW
RegCreateKeyExW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
IsThreadpoolTimerSet
CloseThreadpool
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
SetThreadpoolWait
CloseThreadpoolWork
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal
HWND_UserSize
HWND_UserFree
HWND_UserUnmarshal

user32

CreateWindowExW
RegisterClassExW
PostThreadMessageW
GetWindowLongW
IsWindow
DestroyWindow
UnregisterClassA
GetMessageW
DefWindowProcW
RegisterWindowMessageW
GetClassNameW
PostMessageW
EnumWindows
SetWindowLongW
UnregisterClassW
TranslateMessage
DispatchMessageW

ntdll

WinSqmAddToStreamEx
WinSqmAddToAverageDWORD
WinSqmAddToStream
WinSqmIsOptedIn
WinSqmIncrementDWORD

propsys

PropVariantToBSTR
PropVariantToString
PropVariantToDouble
InitPropVariantFromCLSID
InitPropVariantFromFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-base-l1-2-0

AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AddAce
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorDacl
CopySid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c35c7d0c4306f868b3712cd7c6264043

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

oleaut32

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-string-l2-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-marshal-l1-1-0

user32

ntdll

propsys

api-ms-win-core-apiquery-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 227KB

.data Size: 1024B - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 53KB - Virtual size: 53KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 228KB - Virtual size: 227KB

.data
Size: 1024B - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 53KB - Virtual size: 53KB

.reloc
Size: 18KB - Virtual size: 17KB