aclui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aclui.dll
Size

122KB
MD5

d424e5155b6ec8fdbb35ce1f914a6423
SHA1

17b18454a04959a3ca5e001c42303ce5bb318a08
SHA256

c933bad40f223aadb3d3311cd118b1b3a20d452b7216023d48ec26b65dfc060b
SHA512

244baf22d9b2ad21d779ebe86270be2c0d40bcd8cc835aef3a6207f10c7d1e74ce1202061b67c9c21d54bdc52815a597f41caf842016eab4059bff810d51fc0f
SSDEEP

3072:giFE4eu1lcycNdF/7ayBpYj1jL2T3ElAfm8+pq:9F9zcyw/Oyjj+Auvp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aclui.dll

Files

aclui.dll
.dll windows:6 windows x86 arch:x86

b1c3bccc3487b1852fecc5251ffc206a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aclui.pdb

Imports

msvcrt

memcpy
memset
_vsnwprintf
_itow_s
iswspace
wcsrchr
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
wcsncmp

ntdll

NtOpenProcessToken
NtOpenThreadToken
WinSqmAddToStream
WinSqmIncrementDWORD
RtlCreateUnicodeString
RtlFreeUnicodeString
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedIn
WinSqmEndSession
RtlLengthSid
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlInitUnicodeString
NtQueryInformationToken
RtlGetNtProductType
NtClose

kernel32

FreeLibraryAndExitThread
GetModuleHandleW
FreeLibrary
CreateThread
LoadLibraryW
GlobalUnlock
GlobalLock
CheckElevationEnabled
WaitForSingleObject
lstrlenW
SetLastError
InterlockedIncrement
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
InterlockedDecrement
InitializeCriticalSection
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
LoadResource
FindResourceW
FormatMessageW
GetCurrentThread
GetCurrentProcess
CloseHandle
CompareStringW
GetLastError
DisableThreadLibraryCalls
LocalFree
LocalAlloc
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
RegCloseKey
ExpandEnvironmentStringsA
RegQueryValueExA
RegOpenKeyExA
LoadLibraryA
GetModuleFileNameW

user32

ShowScrollBar
ReleaseDC
DrawFocusRect
GetSysColor
FrameRect
GetSysColorBrush
GetDC
InflateRect
SetScrollInfo
CallWindowProcW
OffsetRect
LoadImageW
RegisterClassW
LoadBitmapW
GetWindow
DrawTextW
GetWindowTextW
SystemParametersInfoW
UnregisterClassW
GetDlgItemTextW
SendDlgItemMessageW
DestroyWindow
GetDesktopWindow
LoadCursorW
SetCursor
MoveWindow
GetScrollInfo
SetScrollPos
ScrollWindow
GetClientRect
GetSystemMetrics
CheckDlgButton
GetWindowLongW
IsWindowEnabled
IsDlgButtonChecked
SetWindowLongW
MessageBoxW
GetWindowRect
MapWindowPoints
SetWindowPos
SetWindowTextW
IsWindowVisible
ShowWindow
GetParent
PostMessageW
GetFocus
SetFocus
EnableWindow
DialogBoxParamW
EndDialog
LoadIconW
GetDlgItem
SendMessageW
LoadStringW
RegisterWindowMessageW
RegisterClipboardFormatW
GetDlgCtrlID
DestroyIcon
MapDialogRect
CreateWindowExW
SetDlgItemTextW
DefWindowProcW

gdi32

CreateFontIndirectW
GetObjectW
DeleteObject
SetBkMode
SetTextColor
SelectObject
SetBkColor

shlwapi

PathAppendW
StrRChrW
StrChrW

advapi32

GetSecurityDescriptorControl
GetSidSubAuthority
IsValidSecurityDescriptor
IsValidAcl
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
InitializeAcl
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorOwner
LsaOpenPolicy
GetSidSubAuthorityCount
IsWellKnownSid
DeleteAce
LookupAccountNameW
GetSecurityDescriptorSacl
GetLengthSid
ConvertSidToStringSidW
CopySid
LsaLookupSids
GetWindowsAccountDomainSid
LookupAccountSidW
EqualSid
EqualPrefixSid

ole32

CoCreateInstance
ReleaseStgMedium
CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SafeArrayAccessData
SysReAllocStringLen
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString

shell32

ord6
ord258
ord259

ntdsapi

DsCrackNamesW
DsBindWithSpnExW
DsUnBindW
DsMakeSpnW
DsFreeNameResultW

Exports

Exports

CreateSecurityPage
EditSecurity
EditSecurityAdvanced
IID_ISecurityInformation

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c3bccc3487b1852fecc5251ffc206a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

shlwapi

advapi32

ole32

oleaut32

shell32

ntdsapi

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 5KB