Windows[.]Networking[.]BackgroundTransfer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Networking.BackgroundTransfer.dll
Size

432KB
MD5

1d489dbdd52748151ba5e2e65a688fe0
SHA1

cea4b6a064f2378d79a7b4abcf7332edb2cd2fb6
SHA256

08584df9df4c71651fd095cda5cf80483fd72372ff049455a8340ffaafed02b3
SHA512

7c91467d4c68b554e2f7ea457aebfe233643c04f208181e32c6bfe40ac32a124c0c92136e48c1a78ed59e3c42f573d3344b16f0202ed9df664d96458d0ca9e46
SSDEEP

3072:2FZgdSeR5OplNh3t3UaQ/+Fx77DFuwCIs+Pqy/b/IwY8vgyym31+YvU8Z4WAflNW:Nd3exnswCIPl/Ievdv4WAbUpkABjqAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Networking.BackgroundTransfer.dll

Files

Windows.Networking.BackgroundTransfer.dll
.dll regsvr32 windows:6 windows x86 arch:x86

6dbb3f505d7d7bf7b9e7c7a1ba3ba586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Networking.BackgroundTransfer.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
_initterm
__CxxFrameHandler3
_except_handler4_common
_amsg_exit
_XcptFilter
memcmp
realloc
free
_ftol2
malloc
memmove_s
_wcsicmp
_ui64tow_s
??3@YAXPAX@Z
_wcstoui64
wcsstr
_purecall
_itow_s
_vsnwprintf
??2@YAPAXI@Z
memcpy
memset

ntdll

RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlInitUnicodeString

api-ms-win-core-file-l1-2-1

WriteFile
GetTempPathW
SetFilePointer
GetFileSizeEx
ReadFile
CompareFileTime
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW

api-ms-win-core-errorhandling-l1-1-1

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrDllRegisterProxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
NdrOleAllocate
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrDllGetClassObject
NdrStubForwardingFunction
NdrCStdStubBuffer_Release
NdrStubCall2
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
UuidFromStringW
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
UuidCreate
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
RpcStringFreeW
UuidFromStringA
UuidToStringW
NdrDllUnregisterProxy

api-ms-win-core-synch-l1-2-0

CreateEventW
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockShared
InitializeCriticalSection
ReleaseMutex
CreateMutexW
WaitForSingleObjectEx
SetEvent
Sleep
WaitForMultipleObjectsEx
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
InitOnceExecuteOnce
LeaveCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThread
TerminateProcess
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetProcessId
GetCurrentProcessId
OpenProcess

api-ms-win-security-base-l1-2-0

FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateSelf
GetTokenInformation

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetTickCount64
GetSystemTimePreciseAsFileTime
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

combase

ord9
ord2
ord5
ord32
ord8
ord10
ord90
ord6
ord14
ord7
ord16
ord15
ord33
ord12
ord11
ord13
ord36
ord34

systemeventsbrokerclient

SebDeleteEvent
SebSignalBackgroundDownloadEvent
SebCreateUnconstrainedBackgroundDownloadEvent
SebCreateBackgroundDownloadEvent
SebRegisterWellKnownEvent

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dbb3f505d7d7bf7b9e7c7a1ba3ba586

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-file-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

combase

systemeventsbrokerclient

api-ms-win-core-localization-l1-2-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 374KB

.orpc Size: 1024B - Virtual size: 969B

.data Size: 4KB - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 456B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 375KB - Virtual size: 374KB

.orpc
Size: 1024B - Virtual size: 969B

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 456B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 29KB - Virtual size: 29KB