SystemSettings[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SystemSettings.dll
Size

5.9MB
MD5

c0fd74d6dce4939f6aecaf8ac560a58f
SHA1

4dd48043ba6001f97ccf1cbc42b2b64e5fc11994
SHA256

85f51361fcf21e673c096279c064267fd5e70642e8ca6c1f5e3628ac300b8da2
SHA512

b3edf7ea78234d3623f71721c930e6ee874c3caa4efc0fe1c55571ef56703f96229ceca616ab7a8ca1532c39716096f6a82897313edb5233385554066f7b2c08
SSDEEP

98304:KBWSDgrxjC5hm0uHoIIVIBBgTIysF+FdKevPdKBW:8haHoIjDg95FdzvPdj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SystemSettings.dll

Files

SystemSettings.dll
.dll windows:10 windows x64 arch:x64

773a3bd3afe631e736a8c057a2230acf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettings.pdb

Imports

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenThreadToken
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
ExitProcess

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
GetLocaleInfoEx
ResolveLocaleName
LCMapStringEx
FormatMessageW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ResetEvent
InitializeCriticalSection
SetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSectionEx
WaitForSingleObject
CreateMutexExW
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
OpenSemaphoreW
SetWaitableTimer
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseMutex

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsTrimStringEnd
WindowsTrimStringStart
WindowsIsStringEmpty
WindowsPreallocateStringBuffer
WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteStringBuffer
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateString
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
FindStringOrdinal
FindResourceExW
LoadResource
GetModuleHandleExW
LockResource
GetProcAddress

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetTickCount64
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoGetMalloc
PropVariantClear
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoCreateInstance
CoGetContextToken

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

oleaut32

SysStringLen
SysFreeString
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayDestroy

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CompareFileTime

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CopySid
GetTokenInformation
EqualSid
CheckTokenMembership
IsValidSid
GetLengthSid
FreeSid

wkscli

NetGetJoinInformation

api-ms-win-core-path-l1-1-0

PathCchAppend

netutils

NetApiBufferFree

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

sspicli

GetUserNameExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
GetComputerNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW
PathParseIconLocationW
PathFindExtensionW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

shcore

CreateStreamOverRandomAccessStream
SHCreateMemStream
CreateRandomAccessStreamOverStream
ord244
SetCurrentProcessExplicitAppUserModelID
IsOS

gdi32

CreateDIBSection
DeleteObject
GetObjectW

propsys

PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore

ntdll

NtQueryWnfStateData
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
WinSqmIncrementDWORD
RtlPublishWnfStateData

mrmcorer

ResourceManagerQueueGetString

d2d1

ord1

api-ms-win-rtcore-ntuser-window-l1-1-0

GetAncestor
AllowSetForegroundWindow

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
GetMonitorInfoW

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily

wincorlib

?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_WinRTraiseChangedStateException@@YAXXZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
??0Delegate@Platform@@QE$AAA@XZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0Exception@Platform@@QE$AAA@H@Z
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ
??0Rect@Foundation@Windows@@QEAA@VPoint@12@VSize@12@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ

msvcp_win

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Mtx_lock
_Mtx_unlock
?_Incref@facet@locale@std@@UEAAXXZ
_Cnd_wait
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_XGetLastError@std@@YAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
_Cnd_broadcast
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
_Query_perf_counter
?_Xinvalid_argument@std@@YAXPEBD@Z
_Query_perf_frequency
_Wcsxfrm
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
_Wcscoll
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
?_Throw_C_error@std@@YAXH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

api-ms-win-crt-string-l1-1-0

wcscspn
wcslen
memset

api-ms-win-crt-private-l1-1-0

memcpy
memcmp
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcsrchr
wcsstr
strchr
wcschr
__std_terminate
__CxxFrameHandler4
_o_wcstoul
_o_wcstol
_o_wcstod
_o_wcsncpy_s
_o_wcscpy_s
_o_wcscat_s
_o_towupper
_o_towlower
_o_terminate
_o_sqrt
_o_sin
_o_realloc
_o_pow
_o_memcpy_s
_o_malloc
_o_lround
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o_ceil
_o_cos
_o_exp
_o_floor
_o_free
_o_iswspace
memmove

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

MonitorFromPoint

ext-ms-win-shell-shell32-l1-2-0

ShellExecuteExW
SHCreateItemInKnownFolder

ext-ms-win-shell-shell32-l1-2-1

SHGetStockIconInfo
SHDefExtractIconW

ext-ms-win-ntuser-gui-l1-1-0

DestroyIcon

ext-ms-win-ole32-bindctx-l1-1-0

CreateBindCtx

ext-ms-win-ntuser-keyboard-l1-1-0

MapVirtualKeyExW

ext-ms-win-ntuser-keyboard-l1-2-0

GetKeyNameTextW

ext-ms-win-com-ole32-l1-1-1

CoAllowSetForegroundWindow

ext-ms-win-security-slc-l1-1-0

SLGetWindowsInformationDWORD

policymanager

PolicyManager_GetPolicyInt
PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicy

winlangdb

Bcp47GetLocalizedName
Bcp47GetEnglishName
Bcp47GetNativeName

bcp47langs

Bcp47GetIsoScriptCode

wintrust

WTGetSignatureInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaFreeMemory
LsaOpenPolicy
LsaLookupNames2

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

ext-ms-win-els-elscore-l1-1-0

MappingGetServices
MappingRecognizeText
MappingFreePropertyBag

api-ms-win-crt-math-l1-1-0

floorf

Exports

Exports

StartApplication

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 947KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

773a3bd3afe631e736a8c057a2230acf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

wkscli

api-ms-win-core-path-l1-1-0

netutils

api-ms-win-core-localization-l2-1-0

sspicli

api-ms-win-core-registry-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-security-lsalookup-l1-1-2

shcore

gdi32

propsys

ntdll

mrmcorer

d2d1

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-shell-namespace-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

wincorlib

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

ext-ms-win-shell-shell32-l1-2-0

ext-ms-win-shell-shell32-l1-2-1

ext-ms-win-ntuser-gui-l1-1-0

ext-ms-win-ole32-bindctx-l1-1-0

ext-ms-win-ntuser-keyboard-l1-1-0

ext-ms-win-ntuser-keyboard-l1-2-0

ext-ms-win-com-ole32-l1-1-1

ext-ms-win-security-slc-l1-1-0

policymanager

winlangdb

bcp47langs

wintrust

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 947KB - Virtual size: 947KB

.data
Size: 409KB - Virtual size: 449KB

.pdata
Size: 208KB - Virtual size: 207KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 106KB - Virtual size: 106KB

.rdata2
Size: 512B - Virtual size: 4KB