authui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

authui.dll
Size

1.7MB
MD5

cdd35c1ce1ebfe80c055691cdc8df443
SHA1

f519446aa941655aa28d158bbe78cf51f5402b93
SHA256

de548012a90fffcf6b6ca1ffa5c04167cbaaa8656d7d9a7132d62340c3958409
SHA512

7d085b550f2cb1c08ba873cb4fd12364abfde7dc2ae0c763d4b99bb575366f156f21d84063d95e5299882277cecdc1318636a1c7415103a4279addff919b387e
SSDEEP

12288:gbqmMjsGIw8uK3QNYzrMHKu9muAaz+3KKKKKKKKF1CzogaOZ9ei:UqmYX7b4YHMbaESo3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
authui.dll

Files

authui.dll
.dll windows:6 windows x86 arch:x86

a302eb5c012e9f62d6075be97ce3e8d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

authui.pdb

Imports

msvcrt

_except_handler4_common
_ftol2
towupper
_ltow
wcsncmp
wcsstr
_wcslwr
_CxxThrowException
memcpy_s
__CxxFrameHandler3
wcsrchr
memmove_s
wcstoul
_wtoi
_itow
wcstok_s
wcstol
floor
_ftol2_sse
memmove
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wcsicmp
_vsnwprintf
wcschr
memcpy
memset

ntdll

EtwGetTraceEnableLevel
NtOpenProcess
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtPowerInformation
RtlExtendedLargeIntegerDivide
RtlInitUnicodeString
WinSqmStartSession
WinSqmEndSession
WinSqmAddToStream
WinSqmSetDWORD
WinSqmIncrementDWORD
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventUnregister
VerSetConditionMask
RtlEqualUnicodeString
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
EtwGetTraceEnableFlags
RtlInitString
RtlNtStatusToDosError
EtwEventWrite
NtSetSystemInformation

api-ms-win-core-localregistry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
PropVariantClear
CoUninitialize
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoLoadLibrary
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoInitialize

rpcrt4

RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
RpcBindingInqAuthClientW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcServerListen
RpcEpRegisterW
UuidFromStringW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
NdrServerCall2
NdrAsyncClientCall

cryptui

CryptUIDlgViewCertificateW

comctl32

ord321
ord323
ord338
ord343
ord326
ord328
ord336
ord334
ord324
ord329
ord385
ord331
ord320
ord337
ImageList_Destroy
ord413
ImageList_GetImageCount
ImageList_LoadImageW
ImageList_DrawEx
ord410
ord380
InitCommonControlsEx
ord344
ord345
ord388
ord332
ord386
ord322
ord339
ord412

shlwapi

ord219
SHRegGetValueW
ord260
ord12
ord618
PathFileExistsW
SHCreateStreamOnFileW
ord628
ord437
ord629
ord560
StrDupW
StrChrW
SHSetValueW
SHStrDupW

gdi32

SetWindowOrgEx
CreateCompatibleDC
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
GetObjectW
DeleteObject
GetDIBits
OffsetWindowOrgEx
DeleteDC
GetStockObject
GdiTransparentBlt
BitBlt
PatBlt
CreateDIBSection
SetDIBits
GdiAlphaBlend
RestoreDC
SelectClipRgn
SaveDC
OffsetRgn
CreateRoundRectRgn
SetStretchBltMode
GetStretchBltMode
SetPixel
CombineRgn
StretchBlt
SetBkMode
SetTextAlign
SetTextColor
TextOutW
CreateFontIndirectW
CreateDCW
CreateCompatibleBitmap
GetBitmapBits
CreateBitmap
GetLayout
CreateSolidBrush
SelectObject

user32

TrackPopupMenuEx
DestroyMenu
PeekMessageW
MsgWaitForMultipleObjectsEx
MapWindowPoints
DestroyWindow
UnregisterClassW
LoadBitmapW
RedrawWindow
GetWindowDC
DestroyIcon
SetActiveWindow
SetForegroundWindow
SetPropW
GetIconInfo
CreateIconIndirect
DialogBoxIndirectParamW
ShowWindow
SetWindowPos
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
InsertMenuItemW
GetUserObjectInformationW
EndDialog
GetWindowLongW
AdjustWindowRectEx
GetWindowRect
OffsetRect
CopyRect
MessageBoxTimeoutW
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadStringW
GetKeyState
SystemParametersInfoW
SendMessageW
GetThreadDesktop
SetThreadDesktop
EnumWindows
IsWindow
GetParent
PostMessageW
GetSystemMetrics
CreatePopupMenu
SendInput
ShowCursor
EndMenu
EnableWindow
RegisterClassExW
DefWindowProcW
LoadCursorW
EnumDisplayMonitors
GetClassInfoExW
InvalidateRect
CharUpperBuffW
SetRectEmpty
GetSysColor
IsRectEmpty
GetKeyboardLayout
GetMouseMovePointsEx
GetSysColorBrush
FillRect
LoadImageW
IsProcessDPIAware
RegisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
BuildReasonArray
DialogBoxParamW
RecordShutdownReason
IsWindowEnabled
EnableMenuItem
GetWindowTextLengthW
IsDlgButtonChecked
GetWindowTextW
CheckDlgButton
ReasonCodeNeedsComment
GetDesktopWindow
BeginPaint
EndPaint
GetClientRect
GetWindow
GetDlgItem
MessageBoxW
GetAsyncKeyState
IsSETEnabled
CreateWindowExW
KillTimer
SetWindowLongW
SetTimer
DrawStateW
DrawIconEx
SetRect
MoveWindow
CopyImage
NotifyWinEvent
GetCursor
MonitorFromPoint
UnregisterClassA
UpdateWindow
GetCursorPos
ScreenToClient
ClientToScreen
TrackPopupMenu
AppendMenuW
PtInRect
SetWindowTextW
DestroyReasons

crypt32

CertCreateCertificateContext
CertFreeCertificateContext

kernel32

lstrcmpiW
ReadFile
SetLastError
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
LocalReAlloc
FindResourceExW
DecodePointer
EncodePointer
GetUserPreferredUILanguages
LocaleNameToLCID
ResolveLocaleName
GetLocaleInfoEx
LCIDToLocaleName
GetModuleHandleW
DebugBreak
lstrlenW
LoadLibraryW
GetSystemPowerStatus
GetUserDefaultLCID
RegQueryValueExW
RegDeleteValueW
HeapSetInformation
RegDeleteTreeW
GetEnvironmentVariableW
RegSetValueExW
RegCreateKeyExW
CreateEventExW
OpenEventW
QueueUserWorkItem
WaitForMultipleObjects
GetSystemInfo
RegGetValueW
CreateFileW
GetFileSize
ExpandEnvironmentStringsW
GetStdHandle
WTSGetActiveConsoleSessionId
IsWow64Process
QueueUserAPC
GetUserGeoID
GetAtomNameW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
RaiseException
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RegOpenKeyExA
LoadLibraryA
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
SleepEx
GetLocaleInfoW
GetThreadUILanguage
OpenProcess
lstrcmpW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
FindResourceW
SizeofResource
LoadResource
LockResource
GetCurrentThreadId
CreateThread
SetThreadUILanguage
SetEvent
CompareStringW
GetComputerNameW
CreateEventW
CloseHandle
MulDiv
InitializeCriticalSectionAndSpinCount
Sleep
ExpandEnvironmentStringsA
CompareStringOrdinal
FormatMessageW
GetProductInfo
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
VerifyVersionInfoW
LocalAlloc
LocalFree
LoadLibraryExW
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetProcAddress
DelayLoadFailureHook
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameW
RegQueryValueExA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a302eb5c012e9f62d6075be97ce3e8d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

ole32

rpcrt4

cryptui

comctl32

shlwapi

gdi32

user32

crypt32

kernel32

Exports

Exports

Sections

.text Size: 386KB - Virtual size: 386KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 386KB - Virtual size: 386KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 24KB - Virtual size: 23KB