TapiSysprep[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TapiSysprep.dll
Size

9KB
MD5

4776dbfb1ab6d0a1c5df1b95be5e9ab8
SHA1

aeb88bfba353c87e4d33effafc21739b70cb45db
SHA256

7579d71059469b451e4d9e230485f8c8bd944c17980ea844a72d009a868aa0be
SHA512

2581f292fd25468da53c60ac83ddf609a4ea75b7f3f846ed78c62ac88ebceccb58d4125307e33f653ff3dcdbf096b67fae8722c6d5f8974f8d803b021fef2968
SSDEEP

192:pPFlfVE9hV9zmJupAEgsiLJsMEgVT6oWcWOoNxbWnwo:5wmJGAHsiL2bgVzJWO+xbWwo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TapiSysprep.dll

Files

TapiSysprep.dll
.dll windows:6 windows x86 arch:x86

0d9382039dffd2071f55bbb688b83592

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

tapisysprep.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

shlwapi

SHDeleteKeyW

wdscore

CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
InterlockedExchange
GetLastError
Sleep

Exports

Exports

TapiSysPrepClean

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ