Windows[.]Networking[.]Connectivity[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Networking.Connectivity.dll
Size

420KB
MD5

946d73063de07748eae1c7515c5f9e44
SHA1

266269527029480cdff58b01ae97f0c337932f7f
SHA256

df6782b87375110d5c8a72fd86edfa2875ad751769a1070a235b6c39dc9b73f7
SHA512

53029388ba43ef0ff9c39a75e1021aea10029a35758a087eda09e0d353a960958a5b516372d4f443be640912f5058022e3f98dc62fba45b0c7c609939cbc6c6c
SSDEEP

6144:jf6Qa162UaTQdL/OaIbRk9/GDJFZZlR1bBpNUC3:j53lHxP8wGDJFZRdOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Networking.Connectivity.dll

Files

Windows.Networking.Connectivity.dll
.dll regsvr32 windows:6 windows x86 arch:x86

1f0b1313f822c7ee7162921cdd9af871

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Networking.Connectivity.pdb

Imports

msvcrt

realloc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
strchr
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memcpy
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
___mb_cur_max_func
_errno
__crtLCMapStringW
strerror
abort
??1type_info@@UAE@XZ
??2@YAPAXI@Z
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1exception@@UAE@XZ
_initterm
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__CxxFrameHandler3
_except_handler4_common
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPAX@Z
memcmp
setlocale
??_V@YAXPAX@Z
memset

rpcrt4

NdrStubCall2
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsDuplicateString
HSTRING_UserFree
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
HSTRING_UserSize
HSTRING_UserMarshal

api-ms-win-core-winrt-error-l1-1-1

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
RoOriginateErrorW

api-ms-win-core-com-l1-1-1

CoSetProxyBlanket
CoImpersonateClient
CoCopyProxy
CoIncrementMTAUsage
CoRevertToSelf
IIDFromString
CoDecrementMTAUsage
CoGetCallContext
CoMarshalInterface
CoTaskMemFree
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
RoGetAgileReference

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
WaitForSingleObject
InitOnceExecuteOnce
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSRWLock

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
OpenThreadToken
TerminateProcess
GetCurrentProcess
OpenProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThread

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
TrySubmitThreadpoolCallback
CallbackMayRunLong
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWait
CloseThreadpoolWork

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-security-base-l1-2-0

GetTokenInformation
CheckTokenCapability

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

ntdll

RtlLoadString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
memmove_s
memmove
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

combase

ord14
ord6
ord32
ord10
ord12
ord5
ord9
ord2
ord8
ord34
ord15
ord33
ord11
ord16
ord7
ord13

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SetHostNameMediaStreamingMode

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 757B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f0b1313f822c7ee7162921cdd9af871

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

ntdll

combase

api-ms-win-core-heap-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 373KB - Virtual size: 373KB

.orpc Size: 1024B - Virtual size: 757B

.data Size: 5KB - Virtual size: 6KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 292B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 373KB - Virtual size: 373KB

.orpc
Size: 1024B - Virtual size: 757B

.data
Size: 5KB - Virtual size: 6KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 292B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 30KB