SyncInfrastructure[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SyncInfrastructure.dll
Size

315KB
MD5

469e61ed4c5e018e1d0b130ace65d85f
SHA1

092b13b3b417688d6384eab21c373585283ac731
SHA256

9e8d84782940fe4d8e7fbea32cb5a847f628dbb3e65c2315835d7e11c62ddef3
SHA512

d4c232b26e3f35bf50915d6cb6916084f1a0afae531b9bedf72b0edfe7f94b7a85f8e96a27d0d4803eb0945f7f76947dc992f2750b72711cd2d638f787eff787
SSDEEP

6144:kJOEAjp/AvGaeuCGNIgutZkeWw1JpOnYuChmPJw8K2vO:mONjaeuClXWEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SyncInfrastructure.dll

Files

SyncInfrastructure.dll
.dll regsvr32 windows:6 windows x86 arch:x86

1f768d02578ceb9d364d09753e84705b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SyncInfrastructure.pdb

Imports

msvcrt

memmove_s
_vsnwprintf
calloc
_purecall
wcscat_s
wcsncpy_s
wcscpy_s
_errno
realloc
_onexit
_wmakepath_s
__dllonexit
_unlock
?terminate@@YAXXZ
_wsplitpath_s
_wtol
wcsrchr
_vsnprintf
memcpy_s
memcpy
swprintf_s
??_U@YAPAXI@Z
_ftol2
_wtoi64
_ltow
_lock
__CxxFrameHandler3
??_V@YAXPAX@Z
_CxxThrowException
free
??2@YAPAXI@Z
memset
malloc
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
??3@YAXPAX@Z

ntdll

WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIsOptedIn
WinSqmStartSession
WinSqmEndSession

kernel32

VirtualFree
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
WriteFile
OpenEventW
FindResourceW
LoadResource
LockResource
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
DebugBreak
VirtualAlloc
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
InterlockedCompareExchange
ResetEvent
SetEvent
InterlockedExchange
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
GetSystemTimeAsFileTime
QueueUserWorkItem
GetCurrentThreadId
GetTickCount64
FormatMessageW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
SizeofResource
SetLastError
FlushInstructionCache
GetCurrentThread
DeleteFileW
LocalFree
GetModuleFileNameW

user32

RegisterClassExW
GetWindowLongW
KillTimer
SetTimer
CharUpperBuffW
CharLowerBuffW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
GetClassInfoExW
SetWindowLongW
GetSystemMetrics
CharNextW
PostThreadMessageW
UnregisterClassW
UnregisterClassA
DestroyWindow
CreateWindowExW
DefWindowProcW
CallWindowProcW

ole32

StringFromCLSID
StgCreateStorageEx
StgOpenStorageEx
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CreateItemMoniker
GetRunningObjectTable
CoTaskMemFree
CLSIDFromString

oleaut32

VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
DispCallFunc
VariantClear
SysAllocStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
VarUI8FromStr
VariantInit

shlwapi

StrStrIW
StrStrA
StrCmpNIW
PathCombineW
StrStrW
StrCmpIW
ord219
SHStrDupW
PathAddBackslashW

advapi32

EventUnregister
EventRegister
RegOpenKeyExW
RegCloseKey
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegEnumKeyExW
GetTraceLoggerHandle
OpenThreadToken
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryInfoKeyW
EventWrite
RegSetKeyValueW
RegGetValueW

propsys

PropVariantToUInt32
PropVariantCompareEx
PropVariantToBSTR
PropVariantToUInt64
InitPropVariantFromFileTime
InitPropVariantFromCLSID
PSCreateMemoryPropertyStore
PropVariantToGUID

crypt32

CryptUnprotectData
CryptProtectData

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

shell32

SHGetKnownFolderPath
SHBindToParent
SHParseDisplayName
SHCreateDirectoryExW
SHCreateShellItem

setupapi

SetupDiDeleteDeviceInterfaceData
SetupDiGetDevicePropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f768d02578ceb9d364d09753e84705b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

ole32

oleaut32

shlwapi

advapi32

propsys

crypt32

wtsapi32

shell32

setupapi

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 279KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 280KB - Virtual size: 279KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 22KB - Virtual size: 22KB