azroleui[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

azroleui.dll
Size

443KB
MD5

843a302365db5fb769547ab7ef66e28d
SHA1

ab24c2bfefdb73f1bcfeef2a777573604caf6618
SHA256

30ac32430cc0879459f0bc23a4faef8e76b5a131f74da956f970f0f83ec94ae8
SHA512

0fade798d7015eae9d49facd3de901d539ef9af6381e488423988fe101d8ad4ff1157106cb966bf1805accf2b54fadcb89f4062001098aa885c17bd22651816f
SSDEEP

3072:sueL+AITSZJul/tPRWyFSiDAzXp+29RI8YRjyPe6PSFtPyMcoKr+AD+7QYnuh:gLfIT6GWLp+29RI8MjAAtYNC7QYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
azroleui.dll

Files

azroleui.dll
.dll regsvr32 windows:6 windows x64 arch:x64

dde8c85819b0547c0212f33e9e92be7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

azroleui.pdb

Imports

mfc42u

ord2408
ord4770
ord4983
ord5711
ord5730
ord4368
ord5722
ord3468
ord2412
ord6660
ord3396
ord3001
ord912
ord2593
ord6440
ord1778
ord4747
ord5712
ord3806
ord665
ord1287
ord559
ord1003
ord4699
ord2532
ord4722
ord6614
ord2661
ord4127
ord3177
ord620
ord6351
ord1122
ord4602
ord4521
ord1262
ord4214
ord2752
ord659
ord1063
ord1426
ord622
ord3916
ord3534
ord6053
ord5065
ord5724
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord5229
ord4567
ord4609
ord3319
ord6632
ord1677
ord2676
ord1574
ord286
ord2801
ord6021
ord4826
ord3174
ord371
ord877
ord5986
ord3222
ord3780
ord367
ord5602
ord3440
ord5807
ord4623
ord625
ord4262
ord6395
ord6393
ord1259
ord1264
ord6050
ord6704
ord6707
ord3417
ord1286
ord4601
ord2411
ord2781
ord2783
ord3774
ord4599
ord4014
ord4436
ord6184
ord2459
ord2049
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord3761
ord5702
ord5245
ord4721
ord852
ord337
ord4557
ord6418
ord4131
ord6887
ord5227
ord2906
ord6691
ord2903
ord1650
ord1441
ord2449
ord3820
ord2595
ord4544
ord4860
ord2393
ord3868
ord4771
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord4017
ord5709
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5077
ord5406
ord5246
ord5687
ord5352
ord5382
ord5114
ord5304
ord5583
ord5585
ord5584
ord999
ord549
ord4582
ord1365
ord1499
ord624
ord1284
ord5887
ord2975
ord2629
ord6886
ord6832
ord5815
ord6821
ord5804
ord2121
ord3830
ord2876
ord1126
ord2273
ord2846
ord1463
ord4473
ord287
ord1040
ord626
ord867

msvcrt

_ltow
_wcsicmp
_itow
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_wtoi64
_initterm
iswdigit
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memcpy_s
_wtol
_wcsnicmp
_wcsicoll
_amsg_exit
iswprint
realloc
free
malloc
__C_specific_handler
wcstoul
memset
memcpy
__RTDynamicCast
_purecall
??0exception@@QEAA@AEBV0@@Z
wcscmp

atl

ord15
ord18
ord22
ord21
ord44
ord45
ord32
ord43
ord16

ntdll

RtlCreateUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeUnicodeString

kernel32

SetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CloseHandle
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InterlockedPopEntrySList
FlushInstructionCache
GlobalFree
DecodePointer
LoadLibraryExA
InterlockedPushEntrySList
GetSystemWindowsDirectoryW
InitializeCriticalSection
ResetEvent
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryActCtxW
OutputDebugStringA
GetTickCount
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
LocalFree
LocalAlloc
FindFirstFileW
FindClose
MultiByteToWideChar
FormatMessageW
CompareStringW
GetCommandLineW
ReleaseActCtx
ExpandEnvironmentStringsW
GetFullPathNameW
EncodePointer
HeapAlloc
HeapFree
GetCurrentProcess
VirtualFree
VirtualAlloc
GetProcessHeap

user32

GetWindowTextW
EnumWindows
GetDlgItem
EnableWindow
GetWindowLongW
SetWindowLongW
SetWindowTextW
MsgWaitForMultipleObjects
GetDlgCtrlID
LoadMenuW
GetSubMenu
ScreenToClient
ChildWindowFromPointEx
RegisterClipboardFormatW
LoadStringW
DestroyWindow
GetSysColor
GetSysColorBrush
SetFocus
GetClientRect
MapWindowPoints
GetFocus
MessageBoxW
MessageBeep
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
SetForegroundWindow
GetWindowThreadProcessId
FindWindowExW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetParent
DispatchMessageW
PeekMessageW
KillTimer
SetTimer
PostThreadMessageW
CallWindowProcW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
PostMessageW
LoadBitmapW
CloseClipboard
SendMessageW
LoadImageW
LoadIconW
CreateWindowExW

oleaut32

VariantClear
SysAllocString
VariantInit
VariantChangeType
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SysFreeString
SafeArrayGetVartype

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
ReleaseStgMedium
CoUninitialize
StringFromGUID2
CoInitialize
CoTaskMemFree

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
LsaOpenPolicy
ConvertSidToStringSidW
LsaClose
LsaFreeMemory
EqualPrefixSid
LsaLookupSids
ConvertStringSidToSidW
CopySid
GetLengthSid
RegCloseKey

shlwapi

PathFindFileNameW
PathAddBackslashW
PathRemoveFileSpecW
PathStripPathW

secur32

TranslateNameW

shell32

SHGetMalloc
ord259
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderLocation
ord258
CommandLineToArgvW

netutils

NetApiBufferFree

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

logoncli

DsGetDcNameW

gdi32

DeleteObject
GetObjectW

dsuiext

ord10

ntdsapi

DsFreeNameResultW
DsCrackNamesW

activeds

ord13
ord9

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dde8c85819b0547c0212f33e9e92be7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

ntdll

kernel32

user32

oleaut32

ole32

advapi32

shlwapi

secur32

shell32

netutils

dsrole

logoncli

gdi32

dsuiext

ntdsapi

activeds

Exports

Exports

Sections

.text Size: 355KB - Virtual size: 354KB

.data Size: 28KB - Virtual size: 39KB

.pdata Size: 11KB - Virtual size: 11KB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 355KB - Virtual size: 354KB

.data
Size: 28KB - Virtual size: 39KB

.pdata
Size: 11KB - Virtual size: 11KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 10KB - Virtual size: 10KB