dpapisrv[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dpapisrv.dll
Size

184KB
MD5

a8647f4b5de3f2e529d0055054ca6e11
SHA1

210c16f0261c24bed9208172ba8ed6d20c3ef2ab
SHA256

fb036dc96a7694590e105d91b8a6012e361f8bf140584ccd918ca01c8fef9cd5
SHA512

fa65f758d1b0ecebd79f87a7b4aafbbf4f41df3a9f9964fbd2d178bc2b35594bf5de991a43a6e55c2c9b579a89655b288563ba43465921b118b8773687726d1a
SSDEEP

3072:cHtWelMMiuR8PTZmapms93ZU2fytcdB2BM0HZ:EwM1R8PTnpms9322aPM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dpapisrv.dll

Files

dpapisrv.dll
.dll windows:6 windows x64 arch:x64

ca202c76d2f5a1e1c52f080ffd7961fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dpapisrv.pdb

Imports

msvcrt

memcpy
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
wcscat_s
_wcsicmp
_vsnwprintf
memcmp
memset

rpcrt4

RpcServerRegisterAuthInfoW
UuidCreate
UuidToStringW
RpcServerUnregisterIfEx
RpcServerUnregisterIf
RpcServerRegisterIf3
NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcServerInqDefaultPrincNameW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcNetworkIsProtseqValidW
RpcRevertToSelf
RpcStringFreeW
RpcServerUseProtseqEpW
RpcBindingFree
RpcServerRegisterIfEx
RpcBindingSetAuthInfoExW
RpcImpersonateClient
RpcEpResolveBinding
RpcRevertToSelfEx
UuidFromStringW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
SetThreadToken
OpenThreadToken
OpenProcessToken
GetCurrentThread
TerminateProcess

api-ms-win-security-base-l1-2-0

GetSidSubAuthorityCount
CopySid
DuplicateTokenEx
CheckTokenMembership
IsValidSid
EqualSid
SetTokenInformation
ImpersonateLoggedOnUser
AllocateAndInitializeSid
FreeSid
RevertToSelf
GetTokenInformation
GetLengthSid
DuplicateToken
CreateWellKnownSid
AllocateLocallyUniqueId
ImpersonateSelf
AdjustTokenPrivileges

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

bcrypt

BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptGetProperty
BCryptGenRandom
BCryptEncrypt
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptCreateHash
BCryptGenerateKeyPair
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptExportKey
BCryptDeriveKeyCapi
BCryptOpenAlgorithmProvider

api-ms-win-core-file-l1-2-1

FindFirstFileW
SetFilePointer
GetFileSize
CompareFileTime
ReadFile
FindNextFileW
DeleteFileW
WriteFile
CreateFileW
FindClose

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
DeleteCriticalSection
OpenMutexW
WaitForSingleObject
Sleep
AcquireSRWLockExclusive
LeaveCriticalSection
SetEvent
ReleaseSRWLockShared
InitializeSRWLock
CreateEventW
AcquireSRWLockShared
CreateMutexW
InitializeCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-memory-l1-1-2

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
VirtualQuery

cryptbase

SystemFunction041
SystemFunction040

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ncrypt

NCryptSetProperty
NCryptFinalizeKey
NCryptFreeObject
NCryptCreatePersistedKey
NCryptOpenStorageProvider

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegLoadKeyW
RegCreateKeyExW
RegUnLoadKeyW
RegNotifyChangeKeyValue
RegQueryValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize
LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

lsass.exe

LsaGetInterface

ntdll

RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
ord1
NtOpenEvent
NtCreateEvent
RtlFreeHeap
RtlDosPathNameToRelativeNtPathName_U
NtCreateFile
RtlReleaseRelativeName
EtwGetTraceEnableLevel
NtPrivilegeCheck
EtwEventRegister
EtwRegisterTraceGuidsW
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
RtlAllocateHeap
RtlImageNtHeader
RtlUpcaseUnicodeString
RtlEqualSid
RtlInitUnicodeString
EtwTraceMessage
NtClose
NtOpenThreadToken
EtwEventWrite
RtlNtStatusToDosError
RtlFreeUnicodeString
EtwGetTraceEnableFlags
RtlEqualDomainName

ntasn1

ord5
ord4

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

InitializeLsaExtension
QueryLsaInterface

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca202c76d2f5a1e1c52f080ffd7961fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

bcrypt

api-ms-win-core-file-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-memory-l1-1-2

cryptbase

api-ms-win-core-timezone-l1-1-0

ncrypt

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

lsass.exe

ntdll

ntasn1

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 157KB

.data Size: 3KB - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 157KB - Virtual size: 157KB

.data
Size: 3KB - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 844B