AppointmentActivation[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppointmentActivation.dll
Size

116KB
MD5

3be490b354191315571d5e9b3bec148f
SHA1

6825180b184ed86e739b8d6a6840d9087f22796b
SHA256

0800cf0e680f4b44d358d44a57b332c7767f95c29b6cc541fe7293d74813b5f1
SHA512

215057a228742a9a8e0673b66654ab88392c3f7318a3a7b6b60ab1517b55d57c6f58c441d9c5ee09b6131ddb83ba990f24566d5bce0ad82fbee631565a0b7a68
SSDEEP

3072:w1ejvAFoD7GRpVsQc7kRW3gzxzAb7Pd7DkfnnRiE:wGaYQcoR+gdqd7wg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppointmentActivation.dll

Files

AppointmentActivation.dll
.dll windows:10 windows x86 arch:x86

22d023744077e2a1995911d28fed3452

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppointmentActivation.pdb

Imports

msvcrt

_wcstoi64
free
_initterm
_XcptFilter
wcscspn
memcpy_s
_amsg_exit
_lock
_vsnwprintf
malloc
wcstoul
_unlock
__dllonexit
wcsrchr
_onexit
_wcsicmp
_wcstoui64
wcsstr
__CxxFrameHandler3
_except_handler4_common
wcsncmp
_purecall
_vsnwprintf_s
memmove
_vscwprintf
_callnewh
memcmp
memcpy
memset

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

rpcrt4

NdrCStdStubBuffer2_Release
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrStubForwardingFunction
NdrOleAllocate
NdrStubCall2
CStdStubBuffer_DebugServerRelease
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
WindowsDuplicateString
WindowsCreateStringReference
HSTRING_UserUnmarshal
WindowsCreateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
HSTRING_UserFree
HSTRING_UserMarshal
WindowsGetStringRawBuffer
WindowsSubstringWithSpecifiedLength

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateSemaphoreExW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
LeaveCriticalSection
OpenSemaphoreW
InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockShared
CreateEventExW
InitializeCriticalSectionEx
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
SetEvent
CreateMutexExW
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateFreeThreadedMarshaler
CoWaitForMultipleObjects
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlEscapeW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction3
ObjectStublessClient7
CStdStubBuffer2_Disconnect

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AwaitAppointmentActivation
DeserializeActivationArgs
DeserializeAppointment
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetAddAppointmentArgument
GetCalendarChooserArgument
GetLegacyAppointmentDetailsArgumentString
GetProxyDllInfo
GetRemoveAppointmentArgument
GetReplaceAppointmentArgument
GetWindowIdOfHost
ReleaseActivationArgs
SerializeAppointmentIdsResult
SerializeCalendarIdResult
ShowAddAppointment
ShowAddAppointmentAsync
ShowAppointmentDetails
ShowCalendarChooser
ShowCalendarChooserAsync
ShowRemoveAppointment
ShowRemoveAppointmentAsync
ShowReplaceAppointment
ShowReplaceAppointmentAsync
ShowTimeFrame

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d023744077e2a1995911d28fed3452

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-appmodel-runtime-l1-1-1

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 99KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB