ExecModelClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ExecModelClient.dll
Size

415KB
MD5

646f90aeb8f979237e8f3e7bbc10ed3c
SHA1

9ed6303b9cc683db7cab6206a539151f20263b9d
SHA256

f4e40a9ae6e5ba24d167dbdb82cd10a3fcb49bd24a62908d3eb8f1533d18fcbf
SHA512

a69c868d964b39ee7aabd3020fb1769bfea1d15e997e46ea3a7f179ddeb9b472ab538a115ed9fa73e3e115b32c08040b4602242594597d7a76ddb1216aa99529
SSDEEP

6144:Zae8c6VyfCADOptAsrFJ8MkpjvNL0Bujo0iKq6VMsLeQ9GahEck1Ra:yU32A88PNYw00iKCsLeQtSckj

Score

1^/10

Malware Config

Signatures

Files

ExecModelClient.dll
.dll windows:10 windows x86 arch:x86

152a2166532241bbdae8c9a025b50871

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:51:4c:28:e9:f9:52:47:59:f6:6e:a0:0a:47:7c:87:38:ae:7e:e0:0d:c2:8a:24:e0:f6:5b:81:10:63:fe:80
Signer

Actual PE Digest

37:51:4c:28:e9:f9:52:47:59:f6:6e:a0:0a:47:7c:87:38:ae:7e:e0:0d:c2:8a:24:e0:f6:5b:81:10:63:fe:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ExecModelClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstok_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
LockResource

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateEventExW
ReleaseMutex
InitializeSRWLock
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
CreateEventW
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
CreateThread
GetThreadId
GetCurrentProcessId
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoCreateInstanceEx
CoUninitialize
CoInitializeEx
CoCreateGuid
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoGetClassObject
CoGetCallContext
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoResumeClassObjects
CoTaskMemRealloc
CoGetCallerTID
CoCreateFreeThreadedMarshaler
CoRegisterClassObject

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
WaitOnAddress
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

combase

ord67
ord68
ord66

msvcp_win

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
_Make_dir
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

ntdll

RtlRunOnceBeginInitialize
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlDeriveCapabilitySidsFromName
RtlFreeHeap
RtlInitializeSRWLock
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
RtlValidSid
NtQueryInformationToken
RtlCopySid
RtlAllocateHeap
RtlRunOnceExecuteOnce
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlSleepConditionVariableSRW

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromProcess

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
EqualSid
GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileAttributesExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

CreateForegroundTaskManager
CreateModernVoipPolicy
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
TestHook_CancelShutdown

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

152a2166532241bbdae8c9a025b50871

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

37:51:4c:28:e9:f9:52:47:59:f6:6e:a0:0a:47:7c:87:38:ae:7e:e0:0d:c2:8a:24:e0:f6:5b:81:10:63:fe:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

combase

msvcp_win

api-ms-win-core-heap-l2-1-0

ntdll

api-ms-win-core-psm-key-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

Exports

Exports

Sections

.text Size: 366KB - Virtual size: 366KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 408B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

37:51:4c:28:e9:f9:52:47:59:f6:6e:a0:0a:47:7c:87:38:ae:7e:e0:0d:c2:8a:24:e0:f6:5b:81:10:63:fe:80
Signer

.text
Size: 366KB - Virtual size: 366KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 408B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB