ActionCenter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ActionCenter.dll
Size

820KB
MD5

1ba555c2b6c0a6269dde81a9b0a9e4ec
SHA1

ded8d0addb66ca5d89b573771474b42e9eb6fad3
SHA256

27abcacf1c4e5318dd472d7966dc8ab645340a2f938fd52d47d3837159b59be3
SHA512

21482087832fe6c7abdf29bd9f08e4505cb462963b6fe69fc581c27a508d83a024dcd96ffb7e1ba5abbbf765176104680c88b9f03345911c6f332408174670ae
SSDEEP

12288:LaJ7UsMq2GokUuMx0GM78fFCZW7SG7cD3pW8:LatVVFoj0V7wFCZW+6E3w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActionCenter.dll

Files

ActionCenter.dll
.dll windows:6 windows x86 arch:x86

34dc779945a9cbd5bdc1082d1a270792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActionCenter.pdb

Imports

msvcrt

memcpy
memcmp
isdigit
_purecall
strchr
_except_handler4_common
_vsnwprintf
_initterm
malloc
free
_amsg_exit
_XcptFilter
??2@YAPAXI@Z
??3@YAXPAX@Z
memset

kernel32

HeapFree
GetCurrentThread
DisableThreadLibraryCalls
FreeLibrary
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
AcquireSRWLockShared
ReleaseSRWLockShared
CompareStringOrdinal
SetLastError
GetModuleHandleA
CloseHandle
GetModuleHandleExW
ExpandEnvironmentStringsW
LocalAlloc
LocalFree
GetUserDefaultUILanguage
GetLocaleInfoW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FormatMessageW
HeapAlloc
GetProcessHeap
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

shlwapi

SHRegGetValueW
ord219
StrStrW
PathParseIconLocationW
StrChrW
ord158
ord278
ord635
ord631

advapi32

RegOpenKeyExW
OpenThreadToken
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegGetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
EventUnregister
EventRegister
EventWrite

user32

RegisterClassExW
PtInRect
GetCursorPos
GetSubMenu
LoadMenuW
DestroyIcon
SetPropW
NotifyWinEvent
RemovePropW
PostQuitMessage
GetWindowRect
GetMessageW
CalculatePopupWindowPosition
SetWindowPos
GetDoubleClickTime
IsWindowVisible
TranslateMessage
GetAncestor
SendNotifyMessageW
FindWindowW
DestroyWindow
KillTimer
DefWindowProcW
SetWindowLongW
ShowWindow
LoadStringW
GetProcessDefaultLayout
DestroyMenu
DispatchMessageW
InflateRect
LoadCursorW
TrackPopupMenuEx
AdjustWindowRectEx
SetTimer
SendMessageW
PostMessageW
SetForegroundWindow
GetWindowLongW

ntdll

WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmAddToStream

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Connect
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrOleAllocate

ole32

ObjectStublessClient13
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient3
StringFromGUID2
CoCreateInstance
ObjectStublessClient11
ObjectStublessClient7
HWND_UserMarshal
ObjectStublessClient8
HWND_UserUnmarshal
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient5
ObjectStublessClient9
HWND_UserFree
HWND_UserSize
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetMalloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString

shell32

ord723
ord100
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHQueryUserNotificationState
ShellExecuteExW

dui70

?SetActive@Element@DirectUI@@QAEJH@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?SetDirection@Element@DirectUI@@QAEJH@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetAccRole@Element@DirectUI@@QAEJH@Z
?SetAccState@Element@DirectUI@@QAEJH@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UAE_NXZ
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?ShowFocus@HWNDElement@DirectUI@@QAE_NXZ
?SetParentSizeControl@HWNDElement@DirectUI@@QAEX_N@Z
?SetWrapKeyboardNavigate@HWNDElement@DirectUI@@QAEJ_N@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?Release@Value@DirectUI@@QAEXXZ
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MAEXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UAEXPAPBGPAI@Z
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?CreateStyleParser@HWNDElement@DirectUI@@UAEJPAPAVDUIXmlParser@2@@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UAEXXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?GetID@Element@DirectUI@@QAEGXZ
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetActive@Element@DirectUI@@QAEHXZ
?GetLayoutPos@Element@DirectUI@@QAEHXZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
UnInitThread
InitThread
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
InitProcessPriv
UnInitProcessPriv
?GetClassInfoPtr@Macro@DirectUI@@SGPAUIClassInfo@2@XZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID
??0IDataEntry@DirectUI@@QAE@XZ
??1IDataEntry@DirectUI@@UAE@XZ
??0IDataEngine@DirectUI@@QAE@XZ
??1IDataEngine@DirectUI@@UAE@XZ
??0HWNDElement@DirectUI@@QAE@XZ
??1HWNDElement@DirectUI@@UAE@XZ
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetDataEngine@Repeater@DirectUI@@QAEXPAUIDataEngine@2@@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
GetElementDataEntry
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

ext-ms-win-ntuser-private-l1-1-1

GetWindowBand
CreateWindowInBand

comctl32

ord328
ord336
ord335
ord329
ord386
ord334
ord332

wevtapi

EvtNext
EvtSeek
EvtQuery
EvtCreateRenderContext
EvtRender
EvtCreateBookmark
EvtUpdateBookmark
EvtSubscribe
EvtClose

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34dc779945a9cbd5bdc1082d1a270792

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shlwapi

advapi32

user32

ntdll

rpcrt4

ole32

oleaut32

shell32

dui70

dwmapi

ext-ms-win-ntuser-private-l1-1-1

comctl32

wevtapi

crypt32

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 185KB

.orpc Size: 1024B - Virtual size: 642B

.data Size: 1KB - Virtual size: 2KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 606KB - Virtual size: 606KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 186KB - Virtual size: 185KB

.orpc
Size: 1024B - Virtual size: 642B

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 606KB - Virtual size: 606KB

.reloc
Size: 12KB - Virtual size: 11KB