MbaeApi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MbaeApi.dll
Size

667KB
MD5

fc1bdc45993a3e3a20450392a028d30d
SHA1

e1045e43df02c2235d576cc13539c3add6dd6d3e
SHA256

5b3b4e88d5ebe45b03612bca422672540932abf6dd74295b57be27e4e5b67415
SHA512

70a7e69d6902ea26da5b28a7079438a478d0a0bd8252da8d99ead3b8bb781cd13db14694d15d42b8f3d83f6e1c6cf05a73e84ebbc1d4612b6e88673b212e670e
SSDEEP

12288:y3zF0JKPm4wEPj665DxISfCLmon2S2z7N5UzgMwppcc41h:yx0ULFPu4DxISwn2J7/gwrcc41h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MbaeApi.dll

Files

MbaeApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

5b6610e4119442bd08e6f12874ba20d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MbaeApi.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_calloc
_o_free
_o_isalpha
_o_iswspace
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstombs
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__cexit
_o__crt_atexit
_o__callnewh
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleHandleExW
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenMutexW
WaitForSingleObject
InitializeCriticalSection
CreateEventW
CreateEventExW
SetEvent
ReleaseSRWLockShared
InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
ReleaseMutex
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread
OpenProcessToken

api-ms-win-core-localization-l1-2-0

SetThreadLocale
GetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayGetElement
SafeArrayDestroy
GetErrorInfo
SafeArrayGetLBound
SafeArrayGetUBound
SysReAllocStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCat
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
VarUI4FromStr
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
SysFreeString
SetErrorInfo

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrClientCall4
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
UuidFromStringW
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient12
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient5
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient4

api-ms-win-core-com-l1-1-0

StringFromIID
CoTaskMemAlloc
CoWaitForMultipleHandles
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoCreateInstance
CLSIDFromString
CoCreateFreeThreadedMarshaler

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpool
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWaitForCompletion
WinSqmIncrementDWORD
NtQueryKey

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-security-base-l1-1-0

IsWellKnownSid
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-service-private-l1-1-0

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6610e4119442bd08e6f12874ba20d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

ntdll

api-ms-win-core-winrt-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

crypt32

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-service-private-l1-1-0

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

Exports

Exports

Sections

.text Size: 543KB - Virtual size: 542KB

.data Size: 11KB - Virtual size: 14KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 308B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 543KB - Virtual size: 542KB

.data
Size: 11KB - Virtual size: 14KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 308B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 28KB - Virtual size: 27KB