SensorsApi[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SensorsApi.dll
Size

318KB
MD5

4b3a2b2d7a26d0567a255ffd09ba078c
SHA1

b9a7ee7bb2bfc5b86c9f9fd17584ddbedf071e48
SHA256

113ede50bbabf2d564dc1ad9b1166103a77766a7190945a3d732e34aa57ce272
SHA512

e2dbb3321fa1040c541f674fb65198160d3e70b10a6116c8c0b4c197bb5fbc7704f0dd0c9e0344aef411017143fcff65d8b27ba96913acb5fb424e28b64d56fc
SSDEEP

6144:ZrJOuk6PaTCqJ79qr0UUTnK301Ur4UF5oY5NxvkHf7EuGv5ITRD0OQF+uoo6cVls:muk6UC84QUUfyr4UoS6uHYw8WNZiKf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SensorsApi.dll

Files

SensorsApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

525cd8f306a3a71b485a5cea7f0b99a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SensorsApi.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_strncat_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler3
_o__cexit
_o__callnewh
memcmp
memcpy

rpcrt4

CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient14
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient12
ObjectStublessClient9
ObjectStublessClient4
ObjectStublessClient16
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient11
ObjectStublessClient3
ObjectStublessClient15
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadResource
GetModuleFileNameA
GetModuleFileNameW
SizeofResource
GetModuleHandleExA
LockResource
FindResourceExW
LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

SetThreadLocale
GetThreadLocale
FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
ReleaseMutex
CreateEventW
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ResetEvent
CreateMutexExW
SetEvent
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateSemaphoreExW
CreateEventExW
InitializeSRWLock
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetKeySecurity
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
ExitProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal
HWND_UserSize
HWND_UserFree
HWND_UserUnmarshal

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

user32

DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
UnregisterClassA
IsWindow
PostQuitMessage
DialogBoxParamW
PeekMessageW
MsgWaitForMultipleObjectsEx
EndDialog
LoadStringW

sensorsutilsv2

IsKeyPresentInCollectionList
PropVariantGetInformation
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
CollectionsListCopyAndMarshall
CollectionsListGetMarshalledSize
IsCollectionListSame
CollectionsListGetSerializedSize
PropKeyFindKeyGetUlong
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetGuid

sensorsnativeapi.v2

SensorUnregisterDeviceRemovalNotificationV2
SensorGetDataFieldPropertiesV2
SensorGetPropertiesV2
SensorGetDataThresholdsV2
SensorGetDataIntervalV2
SensorSetDataThresholdsV2
SensorSetDataIntervalV2
SensorEnableIdleOperationV2
SensorGetDataCollectionV2
SensorGetSupportedDataFieldsV2
SensorStartStateChangeNotificationV2
SensorStartCollectionV2
SensorStopV2
SensorCloseV2
SensorRegisterDeviceRemovalNotificationV2
SensorStopStateChangeNotificationV2
SensorGetCapabilitiesCollectionV2
SensorOpenByInterfaceV2

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolThreadMinimum
CreateThreadpool
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork

api-ms-win-security-base-l1-1-0

GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
AddAce
GetAclInformation
IsValidSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetTokenInformation
CopySid
AddAccessAllowedAceEx
AllocateAndInitializeSid
GetAce
IsWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

WinSqmIsOptedIn
WinSqmAddToStreamEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetOrientationSensorThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

525cd8f306a3a71b485a5cea7f0b99a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-marshal-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

user32

sensorsutilsv2

sensorsnativeapi.v2

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 282KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 332B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 282KB - Virtual size: 282KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 332B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB