TSWorkspace.pdb
Static task
static1
Behavioral task
behavioral1
Sample
TSWorkspace.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
TSWorkspace.dll
Resource
win10v2004-20240508-en
General
Target: TSWorkspace.dll
Size: 774KB
MD5: e3fd66867955b9ce2163c3a8e2198247
SHA1: ca8541b24bd851e079a6e6cd0afd68f42e9dec17
SHA256: ac1fcdcbf93b137682e71d379fe2525368951f95ea707d9d080f069fc0e57665
SHA512: 861b95f2040feb463ab1623ab87a3e6510ff6a4c85098c2e81fe0fa612bd5398572619f8e18166f97956a4989aef05bd8dbb686f53b2ff38d65aee08cc2eeea5
SSDEEP: 12288:YVZ3q7RPwvYDva3tO88wZMWGXDW0TuAI5XIB7GjFqaFRRY6ii:CZ3mdPDva3t7ITdTubim4kRRYh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource TSWorkspace.dll
Files
TSWorkspace.dll.dll regsvr32 windows:6 windows x86 arch:x86
e21e3fc14a4e316216b756a7121eb189
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
toupper
wcstok_s
_wcslwr
memset
_wtol
towlower
_ftol2_sse
memmove_s
calloc
wcstombs
??0exception@@QAE@ABQBDH@Z
wcscspn
_wcsnicmp
wcscat_s
_wfopen_s
fgetws
iswcntrl
fclose
_wcsicmp
_ftol2
rand_s
??0exception@@QAE@ABQBD@Z
__RTDynamicCast
iswspace
_vsnwprintf
memcpy
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
_XcptFilter
wcsncpy_s
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
wcsncmp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_amsg_exit
_initterm
__CxxFrameHandler3
kernel32
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
ReleaseMutex
SystemTimeToFileTime
GetSystemTime
CreateDirectoryExW
CompareStringOrdinal
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
ExpandEnvironmentStringsW
TerminateThread
DeleteFileW
WriteFile
LCMapStringW
FindNLSStringEx
CompareStringEx
SetLastError
GetAtomNameW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointer
GetFileAttributesW
ReadFile
GetFileSize
HeapAlloc
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapDestroy
HeapReAlloc
HeapSize
HeapFree
TlsFree
GetSystemDirectoryW
CreateFileW
GetSystemInfo
GetCurrentThread
OpenThread
SwitchToThread
TlsGetValue
TlsSetValue
FindResourceExW
CreateThread
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
LocalFree
LocalAlloc
CloseHandle
LockResource
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
lstrlenA
CompareStringW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitOnceInitialize
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetProcessHeap
TlsAlloc
FreeLibraryAndExitThread
GetModuleHandleExW
advapi32
GetSecurityDescriptorControl
RegNotifyChangeKeyValue
CredWriteW
CredGetSessionTypes
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteKeyW
CredFree
CredUnmarshalCredentialW
GetUserNameW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
GetAclInformation
InitializeAcl
AddAce
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
EventUnregister
IsValidSid
GetLengthSid
CopySid
GetSecurityDescriptorOwner
EventRegister
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
TraceMessage
EventWrite
RegGetValueW
RegSetKeyValueW
RegDeleteTreeW
RegCreateKeyTransactedW
RegOpenKeyTransactedW
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
shlwapi
ord637
ord496
ord493
ord278
ord158
ord199
ord172
ord219
ord618
ord494
ord24
ord514
ord256
ord204
ord174
ord156
SHStrDupW
ord176
PathFileExistsW
UrlCreateFromPathW
PathCanonicalizeW
PathIsContentTypeW
PathQuoteSpacesW
ole32
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
PropVariantClear
CoAllowSetForegroundWindow
CoCreateGuid
IIDFromString
CoTaskMemAlloc
oleaut32
SafeArrayRedim
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
SysStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
SysAllocStringByteLen
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
user32
SetWindowPos
SetWindowLongW
GetWindowLongW
SetFocus
GetParent
GetDlgItem
GetPropW
RemovePropW
SetPropW
GetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
ShowWindow
SetDlgItemInt
GetWindowRect
TranslateMessage
LoadCursorW
GetFocus
PostQuitMessage
GetMessageW
LoadIconW
GetMonitorInfoW
MonitorFromWindow
DestroyIcon
CreateWindowExW
UnregisterClassW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
DestroyWindow
PostMessageW
PostThreadMessageW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
SendMessageW
LoadStringW
UnregisterClassA
CharNextW
LoadImageW
SetCursor
rpcrt4
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate
NdrStubCall2
NdrStubForwardingFunction
NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
propsys
InitVariantFromBuffer
dnsapi
DnsFree
DnsQuery_W
normaliz
IdnToUnicode
IdnToAscii
ntdll
RtlInitString
WinSqmAddToStream
EtwLogTraceEvent
shell32
SHBindToObject
ShellExecuteExW
ord25
ord18
SHParseDisplayName
ord155
SHGetIDListFromObject
ord152
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHCreateDirectoryExW
SHFileOperationW
Shell_NotifyIconW
gdi32
DeleteObject
gdiplus
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
dui70
?Register@Element@DirectUI@@SGJXZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
?Release@Value@DirectUI@@QAEXXZ
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?SetActive@Element@DirectUI@@QAEJH@Z
?GetID@Element@DirectUI@@QAEGXZ
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
StrToID
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
??1CritSecLock@DirectUI@@QAE@XZ
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?QueryInterface@XProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?Initialize@XProvider@DirectUI@@QAEJPAVElement@2@PAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SGJPAUHINSTANCE__@@PBG11PAPAV12@@Z
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
??1XProvider@DirectUI@@UAE@XZ
?SetParameter@XProvider@DirectUI@@UAGJABU_GUID@@PAX@Z
?GetDesiredSize@XProvider@DirectUI@@UAGJHHPAUtagSIZE@@@Z
?IsDescendent@XProvider@DirectUI@@UAGJPAVElement@2@PA_N@Z
?SetFocus@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetString@Value@DirectUI@@QAEPBGXZ
UnInitThread
InitThread
UnInitProcessPriv
InitProcessPriv
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?Navigate@XProvider@DirectUI@@UAGJHPA_N@Z
?CanSetFocus@XProvider@DirectUI@@UAGJPA_N@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UAGHGH@Z
?GetHostedElementID@XProvider@DirectUI@@UAGJPAG@Z
?ForceThemeChange@XProvider@DirectUI@@UAGJIJ@Z
?SetDefaultButtonTracking@XProvider@DirectUI@@UAGJ_N@Z
?ClickDefaultButton@XProvider@DirectUI@@UAGHXZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
?AddRef@XProvider@DirectUI@@UAGKXZ
?GetRoot@XProvider@DirectUI@@IAEPAVElement@2@XZ
??0XProvider@DirectUI@@QAE@XZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?GetAtomZero@Value@DirectUI@@SGPAV12@XZ
?SetContentAlign@Element@DirectUI@@QAEJH@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?GetVisible@Element@DirectUI@@QAE_NXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??0Element@DirectUI@@QAE@XZ
??1Element@DirectUI@@UAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?Add@Element@DirectUI@@QAEJPAV12@P6AHPBX1@Z@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
?GetAtom@Value@DirectUI@@QAEGXZ
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?DestroyAll@Element@DirectUI@@QAEJ_N@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?GetStringNull@Value@DirectUI@@SGPAV12@XZ
?GetUnset@Value@DirectUI@@SGPAV12@XZ
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
??1ClassInfoBase@DirectUI@@UAE@XZ
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCreateUrlW
InternetCombineUrlW
winhttp
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSendRequest
credui
CredUIPromptForCredentialsW
secur32
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
GetUserNameExW
crypt32
CryptDecodeObject
CertFindExtension
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptMsgClose
CertOpenStore
CryptMsgUpdate
CryptMsgOpenToDecode
CryptSignMessage
CertCloseStore
CryptVerifyDetachedMessageSignature
CryptStringToBinaryW
CryptProtectData
CryptBinaryToStringW
CryptUnprotectMemory
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CryptProtectMemory
ktmw32
CommitTransaction
CreateTransaction
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TaskUpdateWorkspaces
TaskUpdateWorkspaces2
TaskUpdateWorkspacesIfNeeded
WorkspaceSilentSetupW
WorkspaceStatusNotify
WorkspaceStatusNotify2
Sections
.text Size: 506KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 307B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 212KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ