FXSAPI[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

FXSAPI.dll
Size

222KB
MD5

942e57152f1cd0533644ab30ef1a4728
SHA1

707dd9d62390100c39134512ed7f8056ee2f0e18
SHA256

4f72510becfafdbb06c9caac66ba9e95225de1ea12b4d2fd5b67492a2e628abd
SHA512

165db48e4928145a4678816b55b6f781bdb6863ef28de27769ba277be4066f36c8b6d6513fa13d70f1e0c26f30e4bf8b49f0b9ca5e301bfedb691e035b1f1a16
SSDEEP

3072:GN2ohgfzUAIr8js6IMjQn6EkvVrVukJzdh4AqJSba5sGtif9yARTTd6:YyzFs6IGGnkvVMkHKfMzyApT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FXSAPI.dll

Files

FXSAPI.dll
.dll windows:6 windows x86 arch:x86

1bd38313e69a18e8dca272433ac63fdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSAPI.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
realloc
_errno
wcschr
iswalpha
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_wcsnicmp
__CxxFrameHandler
_mbstrlen
wcsstr
wcsncmp
_wcsnset
_itow
_vsnwprintf
qsort
wcsrchr
_mbsicmp
_wcsicmp
memcpy
memset

rpcrt4

RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcBindingServerFromClient
RpcServerRegisterAuthInfoW
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingInqAuthClientW
RpcServerRegisterIf
NdrServerCall2
NdrClientCall2

kernel32

EnterCriticalSection
LocalFree
GetLastError
PostQueuedCompletionStatus
LocalAlloc
GetSystemTimeAsFileTime
GetComputerNameW
lstrlenW
DeleteCriticalSection
VirtualAlloc
ReadFile
CloseHandle
GetFileSize
GetFileAttributesW
GetFullPathNameW
DeleteFileW
WriteFile
GetTempFileNameW
GetTempPathW
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
DisableThreadLibraryCalls
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
HeapDestroy
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetVersionExW
InterlockedDecrement
SetFilePointer
ExpandEnvironmentStringsW
InterlockedIncrement
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
GetDateFormatW
SystemTimeToFileTime
CreateDirectoryW
GetCurrentThread
CreateEventW
OpenEventW
SetEvent
WaitForSingleObject
SetEndOfFile
MapViewOfFile
GetFileType
CreateFileW
LocalFileTimeToFileTime
GetSystemTime
MapViewOfFileEx
CreateFileMappingW
CopyFileW
GetStringTypeExW
GetTimeFormatW
MulDiv
CreateProcessW
ReleaseMutex
WaitForMultipleObjects
SetEnvironmentVariableW
CreateMutexW
OpenMutexW
SetLastError
VirtualFree
TerminateProcess
InitializeCriticalSection
UnmapViewOfFile

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
ReportEventW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
OpenSCManagerW
RegQueryValueExW
IsValidSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorLength
RegOpenKeyExW
RegCloseKey
TraceMessage
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
CloseServiceHandle
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
SetSecurityDescriptorDacl
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
QueryServiceStatus
OpenServiceW
StartServiceW

winspool.drv

OpenPrinterW
EnumPrintersW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
SetPrinterW
AddPrinterW
ClosePrinter
SetJobW
DocumentPropertiesW
GetJobW
GetPrinterW

gdi32

EndPage
StartPage
DeleteDC
StartDocW
CreateDCW
EndDoc
DeleteEnhMetaFile
DeleteObject
GetTextMetricsW
SelectObject
CreateFontIndirectW
SetTextColor
GetDeviceCaps
LPtoDP
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetBkMode
RestoreDC
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
SaveDC
SelectClipRgn
CreateRectRgnIndirect
StretchDIBits

user32

DrawTextW
PostMessageW

Exports

Exports

FXSAPIFree
FXSAPIInitialize
FaxAbort
FaxAccessCheck
FaxAccessCheckEx
FaxAccessCheckEx2
FaxAddOutboundGroupA
FaxAddOutboundGroupW
FaxAddOutboundRuleA
FaxAddOutboundRuleW
FaxAnswerCall
FaxCheckValidFaxFolder
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxCreateAccount
FaxDeleteAccount
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEndMessagesEnum
FaxEnumAccounts
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsEx2
FaxEnumJobsExA
FaxEnumJobsExW
FaxEnumJobsW
FaxEnumMessagesA
FaxEnumMessagesEx
FaxEnumMessagesW
FaxEnumOutboundGroupsA
FaxEnumOutboundGroupsW
FaxEnumOutboundRulesA
FaxEnumOutboundRulesW
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW
FaxEnumRoutingExtensionsA
FaxEnumRoutingExtensionsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxEnumerateProvidersA
FaxEnumerateProvidersW
FaxFreeBuffer
FaxFreeSenderInformation
FaxGetAccountInfo
FaxGetActivityLoggingConfigurationA
FaxGetActivityLoggingConfigurationW
FaxGetArchiveConfigurationA
FaxGetArchiveConfigurationW
FaxGetConfigOption
FaxGetConfigWizardUsed
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetCountryListA
FaxGetCountryListW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetExtensionDataA
FaxGetExtensionDataW
FaxGetGeneralConfiguration
FaxGetJobA
FaxGetJobEx2
FaxGetJobExA
FaxGetJobExW
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetMessageA
FaxGetMessageEx
FaxGetMessageTiffA
FaxGetMessageTiffW
FaxGetMessageW
FaxGetOutboxConfiguration
FaxGetPageData
FaxGetPersonalCoverPagesOption
FaxGetPortA
FaxGetPortExA
FaxGetPortExW
FaxGetPortW
FaxGetQueueStates
FaxGetReceiptsConfigurationA
FaxGetReceiptsConfigurationW
FaxGetReceiptsOptions
FaxGetRecipientInfoA
FaxGetRecipientInfoW
FaxGetRecipientsLimit
FaxGetReportedServerAPIVersion
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxGetSecurity
FaxGetSecurityEx
FaxGetSecurityEx2
FaxGetSenderInfoA
FaxGetSenderInfoW
FaxGetSenderInformation
FaxGetServerActivity
FaxGetServerSKU
FaxGetServicePrintersA
FaxGetServicePrintersW
FaxGetVersion
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxReAssignMessage
FaxRefreshArchive
FaxRegisterForServerEvents
FaxRegisterForServerEventsEx
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderExA
FaxRegisterServiceProviderExW
FaxRelease
FaxRemoveMessage
FaxRemoveOutboundGroupA
FaxRemoveOutboundGroupW
FaxRemoveOutboundRule
FaxSendDocumentA
FaxSendDocumentEx2
FaxSendDocumentExA
FaxSendDocumentExW
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetActivityLoggingConfigurationA
FaxSetActivityLoggingConfigurationW
FaxSetArchiveConfigurationA
FaxSetArchiveConfigurationW
FaxSetConfigWizardUsed
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetDeviceOrderInGroupA
FaxSetDeviceOrderInGroupW
FaxSetExtensionDataA
FaxSetExtensionDataW
FaxSetGeneralConfiguration
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetMessage
FaxSetOutboundGroupA
FaxSetOutboundGroupW
FaxSetOutboundRuleA
FaxSetOutboundRuleW
FaxSetOutboxConfiguration
FaxSetPortA
FaxSetPortExA
FaxSetPortExW
FaxSetPortW
FaxSetQueue
FaxSetReceiptsConfigurationA
FaxSetReceiptsConfigurationW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxSetSecurity
FaxSetSecurityEx2
FaxSetSenderInformation
FaxStartMessagesEnum
FaxStartMessagesEnumEx
FaxStartPrintJob2W
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterForServerEvents
FaxUnregisterRoutingExtensionA
FaxUnregisterRoutingExtensionW
FaxUnregisterServiceProviderExA
FaxUnregisterServiceProviderExW
IsDeviceVirtual

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bd38313e69a18e8dca272433ac63fdb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

advapi32

winspool.drv

gdi32

user32

Exports

Exports

Sections

.text Size: 201KB - Virtual size: 200KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 201KB - Virtual size: 200KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB