FirewallControlPanel[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FirewallControlPanel.dll
Size

845KB
MD5

11d23cb85baec15eb0e7262d13071b71
SHA1

3f531204c2c835323bc9ded44e33b1024209ab8b
SHA256

dfd342f4155dac1ade26b476beccf0958d0ccf379d7d402b9d7ca56ea5e2444d
SHA512

b270fdec5c6e3790a58bc9765644fa0add3470cc69cd9db90cff5461907e37f162d45cd138b91e242db549991efe7c1607f1c756b350b6bf19daf313cce691d5
SSDEEP

12288:htBiljMBo/hB1sjm6zJHMed87HHjlmoRnJj0ZbC0XWNYacpf:htBiljMBYmmOJ7danZmkR04Xyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FirewallControlPanel.dll

Files

FirewallControlPanel.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c0dcd84666fed0d65444c45fb804cb2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FirewallControlPanel.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__CxxFrameHandler3
??1type_info@@UAE@XZ
_lock
__dllonexit
_onexit
_except_handler4_common
floor
_ftol2_sse
_CxxThrowException
towupper
wcsrchr
_unlock
memset
_vsnwprintf
_wcsicmp
wcsspn
malloc
qsort
memcpy_s
_purecall
_wtol
free
memcpy

ntdll

EtwLogTraceEvent
WinSqmIncrementDWORD
RtlQueryElevationFlags
WinSqmAddToStream
WinSqmIsOptedIn
EtwEventWrite
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

oleaut32

LoadTypeLi
SysFreeString
SysAllocString
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
StringFromGUID2

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
LoadStringW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

ResetEvent
CreateEventW
LeaveCriticalSection
SetEvent
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
OpenMutexW

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-2

VirtualFree
VirtualAlloc

api-ms-win-core-interlocked-l1-2-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrCmpCW
SHLoadIndirectString
QISearch

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW
lstrlenW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

shcore

CommandLineToArgvW
IUnknown_QueryService
ord145
IUnknown_Set
ord140
ord190
SHStrDupW
IUnknown_SetSite
IUnknown_GetSite

shlwapi

PathFindExtensionW
ord538
PathFindFileNameW
AssocQueryStringW
ord172
ord204
ord24
ord278

user32

MessageBeep
GetKeyState
RemovePropW
SetCapture
SetTimer
GetDlgItemInt
GetWindowTextLengthW
SetDlgItemInt
KillTimer
ReleaseCapture
GetWindow
SetWindowTextW
NotifyWinEvent
PtInRect
GetMessagePos
DrawFocusRect
GetFocus
InflateRect
GetParent
MessageBoxW
LoadIconW
MapWindowPoints
SystemParametersInfoW
InvalidateRect
MoveWindow
GetWindowTextW
ReleaseDC
DrawTextW
GetDlgCtrlID
EndPaint
BeginPaint
FillRect
SetRect
DrawIconEx
GetClientRect
GetSysColor
IsWindowVisible
GetDC
SetFocus
DestroyIcon
EndDialog
GetMonitorInfoW
MonitorFromRect
GetWindowRect
IsDlgButtonChecked
SetForegroundWindow
SetActiveWindow
SetWindowPos
GetDoubleClickTime
SetClassLongW
LoadImageW
CheckDlgButton
EnableWindow
SendDlgItemMessageW
ShowWindow
GetDlgItem
SetDlgItemTextW
SetCursor
LoadCursorW
SendMessageW
SetPropW
UnregisterClassW
CallWindowProcW
GetPropW
RegisterClassExW
GetClassInfoExW
DialogBoxParamW
GetActiveWindow
LockSetForegroundWindow
PostMessageW
SetWindowLongW
DefWindowProcW
GetWindowLongW
UnregisterClassA
CreateIconIndirect
CreateWindowExW
ClientToScreen
DestroyWindow
GetSystemMetrics

kernel32

QueueUserWorkItem
UnregisterWaitEx

gdi32

CreateCompatibleDC
DeleteDC
SelectObject
GetStockObject
SetTextColor
CreateBitmapIndirect
SetBkMode
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GetObjectW
SetDIBits
CreateCompatibleBitmap

uxtheme

SetWindowTheme
GetThemeBackgroundContentRect
GetThemeFont
DrawThemeBackground
CloseThemeData
GetThemeColor
OpenThemeData
IsThemeActive

oleacc

ObjectFromLresult
LresultFromObject
CreateStdAccessibleProxyW

firewallapi

IsRuleOpenPortOrAuthApp
FWGetGlobalConfig
FwGetVersionField
FwIsGroupPolicyEnforced
FWOpenPolicyStore
IcfChangeNotificationCreate
FWEnumProducts
FWGetConfig
FWClosePolicyStore
FWFreeProducts
IcfChangeNotificationDestroy
FwAnalyzeFirewallPolicyOnProfile
IsRuleOldGlobalOpenPort
IsRuleOldAuthApp
FWEnumFirewallRules
FWFreeFirewallRules
FWSetFirewallRule
FwAlloc
FwActivate
FWDeleteFirewallRule
FwFree
FWAddFirewallRule

msimg32

GradientFill

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowNotificationDialogW
ShowWarningDialogW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0dcd84666fed0d65444c45fb804cb2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

shcore

shlwapi

user32

kernel32

gdi32

uxtheme

oleacc

firewallapi

msimg32

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 221KB - Virtual size: 220KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 1024B - Virtual size: 932B

.rsrc Size: 594KB - Virtual size: 594KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 221KB - Virtual size: 220KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 1024B - Virtual size: 932B

.rsrc
Size: 594KB - Virtual size: 594KB

.reloc
Size: 17KB - Virtual size: 16KB