iashlpr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

iashlpr.dll
Size

110KB
MD5

73741dfffe51d9078399492a54450ce0
SHA1

abe3e682440ef29218a268f8d2546be59ffb2a9e
SHA256

1e69cad8ce418fc8f1afb57ecd5300dfa3db41ee6c7dc4f59d41b87bc9bf6fd5
SHA512

b6de76511ce3befeab21ee22892d1df09881dd981fb1252fae85afd3919154b0eb00389ebad64cf08c274ed7f38ed38f13f19455a8042a39ab84b05b05dc0a61
SSDEEP

1536:tV9PnJ5ZkfQpukzgLJSDhM9u7CGxLzjBK2mjTRNbh/wnvQ8TE8KmLp7:tVlReQpu58hYuvZK2mjTRNOTimLp7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iashlpr.dll

Files

iashlpr.dll
.dll regsvr32 windows:6 windows x64 arch:x64

d564896c5dbd6e3f377dd2344ead17ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

iashlpr.pdb

Imports

msvcrt

memcpy
_wcsicmp
_itow_s
_ultow_s
wcschr
_strnicmp
vsprintf_s
_CxxThrowException
__CxxFrameHandler3
free
malloc
_callnewh
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
??1type_info@@UEAA@XZ
_purecall
wcscpy_s
wcscspn
sprintf_s
_snprintf_s
_wcsupr_s
wcsrchr
wcscat_s
memcpy_s
swprintf_s
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
memset

atl

ord16
ord21
ord15
ord18
ord22
ord32

iasrad

?radiusFromIAS@VSAFilter@@QEBAJPEAUIAttributesRaw@@H@Z
?radiusToIAS@VSAFilter@@QEBAJPEAUIAttributesRaw@@@Z
?shutdown@VSAFilter@@QEAAJXZ
?initialize@VSAFilter@@QEAAJXZ

iassvcs

IASReportSecurityEvent
IASReportEvent
IASRegisterComponent

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlImageNtHeader
RtlFreeHeap
RtlVirtualUnwind
RtlAllocateHeap

advapi32

UnregisterTraceGuids
CreateWellKnownSid
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
FreeSid
LookupAccountSidW
AllocateAndInitializeSid
StartServiceW
QueryServiceStatus
TraceMessage
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
LocalFree
GetCurrentProcess
GetCurrentProcessId
FormatMessageA
FileTimeToLocalFileTime
GetComputerNameExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
SetThreadStackGuarantee
GetModuleFileNameW
GetLastError
FileTimeToSystemTime
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
Sleep
SetEvent
CreateEventW
WaitForSingleObjectEx
CloseHandle
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
CreateTimerQueue
DeleteTimerQueueEx
SleepEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
WideCharToMultiByte
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
GetCurrentThreadId
GetModuleHandleW

ole32

CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VariantInit
SysFreeString
SysStringLen
SetErrorInfo
LoadRegTypeLi
SysAllocStringByteLen
SysAllocString
VariantClear

rtutils

TraceDumpExA
TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW

rpcrt4

Ndr64AsyncClientCall
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingSetOption
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcBindingFree
NdrClientCall3

qutil

FreeNapComponentRegistrationInfoArray

Exports

Exports

AllocateAttributes
ConfigureIas
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoRequest
DoRequestAsync
FreeAttributes
GetOptionIas
InitializeIas
MemAllocIas
MemFreeIas
MemReallocIas
SetOptionIas
ShutdownIas

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d564896c5dbd6e3f377dd2344ead17ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

iasrad

iassvcs

ntdll

advapi32

kernel32

ole32

oleaut32

rtutils

ws2_32

rpcrt4

qutil

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 508B

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 508B