aaclient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

aaclient.dll
Size

128KB
MD5

aefe406ab9cf4c8c4f932c983c396423
SHA1

79f6da24e84e6589153c40ba84a5b0068534a94f
SHA256

7934ed8542f04b0ef320d6259df848c3d42e4543886def34e93a90acd16d0e3b
SHA512

84eb1ab0f9f9d10f6b5bafe92f9acaa8108e7b28a0419a872b8fc41f7f1d704fe013f65c458968ef59cd954b920e223a076ad0f4eb89c5e70639126f6f45d00b
SSDEEP

3072:Lgou29EdC0ALR6Gn0o1ElHshebcO3YqUEq/hofxd3bPUPX8Lih331F2rv+YKN+m5:MQa/ALkGBWlH7QOFUlifxtbcPX8Lih3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaclient.dll

Files

aaclient.dll
.dll windows:6 windows x86 arch:x86

d6fea1eea82e97467c4a631cf0bfb8b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aaclient.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
memcpy
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
_errno
__CxxFrameHandler
malloc
free
memset
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_ltow
_ultow
wcsrchr

ws2_32

htonl

mstscax

RegisterTransportExtDll

kernel32

LoadLibraryExA
UnregisterWaitEx
RegisterWaitForSingleObject
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryExW
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
GetComputerNameW
WaitForSingleObject
SetEvent
CreateEventW
GetModuleFileNameW
GetLastError
GetProcAddress
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
CreateIoCompletionPort
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LocalAlloc
Sleep
LocalFree
GetComputerNameExW
DelayLoadFailureHook
FreeLibrary
InterlockedCompareExchange
GetVersion
InterlockedExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

LoadClientAdapter
OpenKeyReader
OpenKeyReaderWriter
g_fnStartTransport

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6fea1eea82e97467c4a631cf0bfb8b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ws2_32

mstscax

kernel32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB