SensorsApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SensorsApi.dll
Size

325KB
MD5

3ec4b53d0d0125404cc9b9d28aea6987
SHA1

8f4e997a89ac601edc9bb0415153f1f26126f770
SHA256

4da6f24a74d590780265813efdb4e6638407770d27ead84e5cf520e666ba80ba
SHA512

75d671da2d816a69f42d53fce3adaf8a6cb7b50bc5815e270df1f63fd2a030d8e6fc0bb5bf1c9b1aeffbd582f13073f581e1b35e9ad7d163a88471bab716da64
SSDEEP

6144:9M29W9qU5ZfE0Lg29RAgTxu+SACTpdfgUOLIlsEHXG/DB:91o7phRAgNuBfJGIK8XG/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SensorsApi.dll

Files

SensorsApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

fa863973cbdd3979c866d9ad191d23ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SensorsApi.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Xout_of_range@std@@YAXPBD@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Cnd_wait
_Cnd_broadcast
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Syserror_map@std@@YAPBDH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_Winerror_map@std@@YAHH@Z
_Mtx_lock
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_memset
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
memmove
wcsrchr
memcmp

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrClientCall4
NdrDllUnregisterProxy
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
I_RpcExceptionFilter
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
NdrOleFree
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
IUnknown_Release_Proxy
RpcBindingCreateW
RpcBindingBind
RpcBindingFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient13
ObjectStublessClient3
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient16
ObjectStublessClient6

api-ms-win-core-localization-l1-2-1

FormatMessageW
SetThreadLocale
GetThreadLocale

api-ms-win-core-synch-l1-2-0

ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockExclusive
ResetEvent
LeaveCriticalSection
CreateEventExW
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
CreateEventW
SetEvent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FindResourceExW
SizeofResource
DisableThreadLibraryCalls
GetModuleFileNameW
LockResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadResource
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegSetKeySecurity
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegGetKeySecurity
RegCreateKeyExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
ExitProcess
OpenProcessToken
GetCurrentProcess
IsProcessorFeaturePresent
OpenProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapDestroy
HeapAlloc
HeapSize
HeapReAlloc
HeapFree

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

user32

SetCursor
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DialogBoxParamW
EndDialog
UnregisterClassA
IsWindow
LoadStringW
DispatchMessageW
LoadCursorW

sensorsutilsv2

CollectionsListDeserializeFromBuffer
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
PropKeyFindKeyGetUlong
PropKeyFindKeyGetFileTime
IsCollectionListSame
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
PropKeyFindKeyGetGuid
CollectionsListCopyAndMarshall

sensorsnativeapi.v2

SensorOpenByInterfaceV2
SensorStartCollectionV2
SensorStopV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorEnableIdleOperationV2
SensorGetDataIntervalV2
SensorGetDataThresholdsV2
SensorGetPropertiesV2
SensorGetDataFieldPropertiesV2
SensorCloseV2
SensorGetCapabilitiesCollectionV2

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal
HWND_UserFree
HWND_UserSize
HWND_UserMarshal

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
CloseThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-2-1

ReadFile
CreateFileW

api-ms-win-security-base-l1-2-0

CheckTokenMembership
FreeSid
AddAce
InitializeSecurityDescriptor
IsValidSid
GetTokenInformation
CopySid
AllocateAndInitializeSid
GetAce
SetSecurityDescriptorDacl
IsWellKnownSid
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
GetSecurityDescriptorDacl

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-1

CancelIoEx
GetOverlappedResult

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

ntdll

WinSqmIsOptedIn
WinSqmAddToStreamEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetMagThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa863973cbdd3979c866d9ad191d23ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-heap-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-2-0

api-ms-win-shcore-unicodeansi-l1-1-0

user32

sensorsutilsv2

sensorsnativeapi.v2

api-ms-win-core-marshal-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-delayload-l1-1-1

ntdll

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 286KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 272B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 287KB - Virtual size: 286KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 272B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 21KB