AuthBrokerUI[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AuthBrokerUI.dll
Size

98KB
MD5

20c0c534c203004f271585f7b8a7276e
SHA1

8e922738e4069672f5cee9d2580890b4750e290e
SHA256

1d0b7a9807277bb77d322a171168bd8db7130a625c7c4fae0bda2cc771411da8
SHA512

28424fa3fe0391e743889f3469740d3b6c75f389da7f46f2ba6070a60aa54afec2c9e39d379d6c4a69e29e890a0e84dd0dc33a10ca1cbbb8af61ecf8198f4f02
SSDEEP

1536:CbOCJz8DmUzR006X3SPRNH8QUkie+CTNW6ICwChfrmPS6Fsp9Fp6zo4ozy/C++7I:GOCsmJSPtUkie+CTN5Blf3zl++8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AuthBrokerUI.dll

Files

AuthBrokerUI.dll
.dll windows:10 windows x86 arch:x86

e912d779784eeaaec4bd299a1ea84218

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AuthBrokerUI.pdb

Imports

msvcrt

_except_handler4_common
_vsnwprintf
memcpy_s
__dllonexit
_onexit
_ftol2_sse
memset
_unlock
_lock
__CxxFrameHandler3
_initterm
malloc
_amsg_exit
_XcptFilter
free
_callnewh
_purecall

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
ResetEvent
SetEvent
WaitForSingleObjectEx
WaitForMultipleObjectsEx
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW
CreateEventW
Sleep

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

shcore

ord244
GetScaleFactorForMonitor

authbroker

FindCallingThreadImmersiveWindow

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-localization-l1-2-1

FormatMessageW
SetThreadPreferredUILanguages

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CreateWndMgmt
DirectUIInitProc
DirectUIInitThread
DirectUIUnInitProc
DirectUIUnInitThread
FreeWndMgmt
WabCreateWebRuntimeCoreControl
WabCreateWebRuntimeCoreVisualViewport
WabImmDisableLegacyIME

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e912d779784eeaaec4bd299a1ea84218

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

shcore

authbroker

api-ms-win-core-debug-l1-1-1

api-ms-win-core-localization-l1-2-1

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 316B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 316B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB