apds[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

apds.dll
Size

214KB
MD5

fe82846a803f29e47a7415a71638aa97
SHA1

3e132d63e3f8549ebf19372cf14d1d0b6ac70111
SHA256

f6692797933547ba8739f6353ec9d1f5ee72a7e46dbf9848c80e6d7b516833be
SHA512

10ce9b26692ef43326b2779fda8be6cc8fe80a75ad8dce686320dcaeb491eee3682fa923df0de68d6b8180cd7031987c72d8448060592d20e24198892aa5c5dc
SSDEEP

3072:ovnERMVGM/uZpkh350WTrhO2/iAKg0EUmY4Dfm/AwWhhBXwq4:ovnmMbXTrhdiAKg0EUmY4K/Aw+hBXh4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
apds.dll

Files

apds.dll
.dll regsvr32 windows:6 windows x86 arch:x86

5efbecbd194b2710582e0d7fbb87db05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

apds.pdb

Imports

msvcrt

__dllonexit
_onexit
_errno
realloc
_except_handler4_common
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset
wcstok_s
wcsstr
wcscat_s
wcscpy_s
wcsncpy_s
malloc
_wcslwr_s
iswspace
wcschr
_vscwprintf
vswprintf_s
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler3
calloc
free
_ui64toa_s
_unlock
_strtoui64
_purecall
_wcsicmp
memmove_s
memcpy_s
memcmp

kernel32

FindResourceW
GetProductInfo
DelayLoadFailureHook
ResolveDelayLoadedAPI
OutputDebugStringA
GetModuleHandleW
GetVersionExW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceExW
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
CloseHandle
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
GetWindowsDirectoryW
FreeLibrary
lstrcmpiW
MultiByteToWideChar
ExpandEnvironmentStringsW
LocalFree
LocalAlloc
LoadLibraryW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

user32

CharNextW
UnregisterClassA

advapi32

RegOpenKeyW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
GetTraceEnableFlags
RegDeleteValueW
RegCreateKeyExW

ole32

CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

LoadTypeLi
VariantClear
VarUI4FromStr
VarBstrCat
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
LoadRegTypeLi
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathAppendW
UrlUnescapeW
ord12
SHCreateStreamOnFileEx
AssocQueryStringW
SHRegGetValueW
PathFileExistsW
PathFindExtensionW
PathCombineW

cabinet

ord20
ord23
ord21
ord22

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5efbecbd194b2710582e0d7fbb87db05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

cabinet

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 109KB - Virtual size: 108KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 8KB - Virtual size: 7KB