aclui.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: aclui.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: aclui.dll
- Resource: win10v2004-20240508-en
General
- Target: aclui.dll
- Size: 1014KB
- MD5: 96c109f9d44e3370e3a57f40c9628d22
- SHA1: 7e673d76c1399e518ffb61c0586b6d805778bf86
- SHA256: 6996c8c00834ee0f0a11a3323e2bf0b105974545d380f9cc822a9af10a52d1dc
- SHA512: 711f1b1fc92f19b64f71664230ea38a65ed6d29345962b46854862ba6bd05f02fc71bc3e7cda11446f77cd1620e0df433123c59f193ae8cb276dc191d4651a5e
- SSDEEP: 24576:naAmdPKUS58fgSX+bKQi1Sj57nyTTzgSNJ:nERKUS5K+bxVjlnwMSN
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. Resource: aclui.dll
Files
-
aclui.dll.dll windows:6 windows x64 arch:x64
44d4315623401862ca0801ba2b348e9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
iswctype
_wcstoui64
_ultow
_ui64tow_s
wcstok_s
_i64tow_s
_wcstoi64
_CxxThrowException
__RTDynamicCast
floor
memcmp
memcpy
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__CxxFrameHandler3
?terminate@@YAXXZ
_initterm
_amsg_exit
_ultow_s
wcstoul
wcsncpy_s
swprintf_s
__C_specific_handler
memset
wcsrchr
malloc
wcscpy_s
iswspace
memmove
wcspbrk
wcscspn
wcsspn
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcsncmp
_wcsnicmp
_XcptFilter
_vsnwprintf
memmove_s
wcschr
wcsnlen
free
_itow_s
wcscmp
ntdll
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
RtlGetAce
RtlSubAuthoritySid
RtlConvertSidToUnicodeString
RtlAddAccessDeniedAceEx
RtlAddAce
RtlSetDaclSecurityDescriptor
RtlEqualSid
RtlCopySid
RtlFirstFreeAce
RtlValidAcl
RtlAddAuditAccessObjectAce
RtlValidSid
RtlGetSaclSecurityDescriptor
RtlAddAccessDeniedObjectAce
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedObjectAce
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlAddAccessAllowedAceEx
RtlSubAuthorityCountSid
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAuditAccessAceEx
RtlSetOwnerSecurityDescriptor
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
RtlRunOnceExecuteOnce
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid
RtlIsPackageSid
kernel32
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
lstrcmpW
LocalAlloc
LocalFree
TlsGetValue
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapAlloc
CompareStringW
GetLastError
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapFree
FormatMessageW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
TlsFree
DeleteCriticalSection
LocalReAlloc
LoadLibraryW
CreateThread
FreeLibrary
CloseHandle
WaitForSingleObjectEx
GetModuleHandleW
FreeLibraryAndExitThread
HeapReAlloc
GetCurrentProcess
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapDestroy
HeapSize
EncodePointer
VirtualFree
InterlockedPopEntrySList
FlushInstructionCache
GetProcAddress
VirtualAlloc
DecodePointer
LoadLibraryExA
InterlockedPushEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
FindResourceW
GetCurrentThread
LoadLibraryExW
user32
GetActiveWindow
DialogBoxParamW
RedrawWindow
GetFocus
SetFocus
IsWindowVisible
GetSystemMetrics
IsWindowEnabled
MessageBoxW
LoadImageW
GetWindowLongW
SetWindowLongW
GetAncestor
GetDC
ReleaseDC
RegisterWindowMessageW
GetWindow
GetWindowPlacement
SetWindowPlacement
RegisterClassW
UnregisterClassW
MapDialogRect
SystemParametersInfoW
DestroyIcon
GetDlgCtrlID
GetScrollInfo
SetScrollPos
ScrollWindow
SetScrollInfo
PostMessageW
OffsetRect
MoveWindow
ShowScrollBar
InflateRect
FrameRect
GetSysColorBrush
GetSysColor
DrawFocusRect
EnumDisplaySettingsW
CreateWindowExW
keybd_event
SetTimer
KillTimer
ClientToScreen
RegisterClipboardFormatW
DrawTextW
UnregisterClassA
GetDlgItemTextW
GetWindowRect
GetParent
EnableWindow
MapWindowPoints
SetWindowPos
ShowWindow
DestroyWindow
EndDialog
SetDlgItemTextW
SetWindowTextW
SendDlgItemMessageW
LoadIconW
GetClientRect
GetDlgItem
SendMessageW
LoadCursorW
SetCursor
SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
LoadStringW
DefWindowProcW
gdi32
CreateFontIndirectW
GetObjectW
SetBkMode
SetBkColor
SetTextColor
GetTextExtentPoint32W
SelectObject
DeleteObject
shlwapi
StrRChrW
StrChrW
ord219
ord12
PathAppendW
advapi32
LsaClose
EventUnregister
CopySid
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
EventWrite
EqualPrefixSid
AllocateAndInitializeSid
EqualSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddConditionalAce
LsaOpenPolicy
GetAce
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
OpenProcessToken
GetSidSubAuthorityCount
LsaGetAppliedCAPIDs
EventRegister
ole32
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid
oleaut32
SafeArrayAccessData
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SysReAllocStringLen
shell32
ord258
ord6
ord259
ntdsapi
DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsBindWithSpnExW
xmllite
CreateXmlReader
Exports
CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation
Sections
.text Size: 499KB - Virtual size: 498KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 21B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 463KB - Virtual size: 463KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ