TileDataRepository[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

TileDataRepository.dll
Size

445KB
MD5

15004ac3a439ab0996029404551f3832
SHA1

5659b1818b9f7070ed97050def00d6fac14e3d9e
SHA256

7e1a2c4ed9a654bce6c0d0ec46b4793d428ebfb765794a52c914809049732135
SHA512

1b125700db467845c1be20c67c9d5a994b5d72bbcc30d65eb893736ab9ce0d0cf60a2597d92f704ddc219d31aca7f88cbca92e804641cf780f48965259dafa7c
SSDEEP

12288:dZutXfZLU4UlsrF49lBQOAFTB0Erj2booUtTTirt8+iWGcOwCFzmad23tU:dZqXfZLU4UlsrF49lBQOAFTB0Gj2boob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TileDataRepository.dll

Files

TileDataRepository.dll
.dll windows:10 windows x86 arch:x86

bdcc54d969f337b9b74980a915c4835d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TileDataRepository.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ultow_s
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__crt_atexit
_o__configure_narrow_argv
__std_terminate
wcschr
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
ProcessIdToSessionId
SetThreadToken
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoGetApartmentType
CoCreateGuid
CoGetCallContext
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQueryInformationThread
RtlLookupElementGenericTableAvl
NtSetInformationThread
NtQueryInformationFile
NtQueryInformationProcess
RtlInitializeGenericTableAvl
NtAccessCheck
RtlFreeHeap
RtlAllocateHeap
RtlConvertSidToUnicodeString
RtlLeaveCriticalSection
RtlIsMultiUsersInSessionSku
RtlFreeUnicodeString
RtlEnterCriticalSection
RtlInitUnicodeString
RtlValidSid
RtlLengthSid
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid
CreateWellKnownSid
CopySid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

staterepository.core

sqlite3_shutdown
sqlite3_close
sqlite3_errmsg
sqlite3_log
sqlite3_get_autocommit
sqlite3_changes
sqlite3_last_insert_rowid
sqlite3_db_filename
sqlite3_db_status
sqlite3_next_stmt
sqlite3_errcode
sqlite3_free
sqlite3_vfs_unregister
sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_config
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_sql
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_clear_bindings
sqlite3_db_handle
sqlite3_exec
sqlite3_stmt_busy
sqlite3_prepare_v2

windows.staterepository

StateRepository_DataAccessLayer_DatabaseCache_Get
StateRepository_DataAccessLayer_DatabaseCache_Add
StateRepository_Shutdown
StateRepository_Initialize

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
WriteFile

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupFreeMemory

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdcc54d969f337b9b74980a915c4835d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

staterepository.core

windows.staterepository

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 410KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 411KB - Virtual size: 410KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB