api-ms-win-core-kernel32-private-l1-1-0[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

api-ms-win-core-kernel32-private-l1-1-0.dll
Size

3KB
MD5

04e51256e50dd625819ef7b36e36072c
SHA1

a406c21d93d36b8c0cb1bc3bdc080b504031f1c2
SHA256

a28f64cb91f2cfbeb425b6ff8b0d3c73d8dc95b47bd3d324f389bbf36b4b94db
SHA512

bad26eab0574bd33bfa58a8804cc6ad808cbb48d2d4cde11fdb3b5d530c6e62d8019c2fb882a9e570eaacc22a7719060612ef2114df2210d66c1381400037237

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
api-ms-win-core-kernel32-private-l1-1-0.dll

Files

api-ms-win-core-kernel32-private-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-Core-Kernel32-Private-L1-1-0.pdb

Exports

Exports

BaseSetLastNTError
CheckElevationEnabled
DosPathToSessionPathW
EnumerateLocalComputerNamesW
RegisterWaitForInputIdle
RemoveLocalAlternateComputerNameW
SetLocalPrimaryComputerNameW
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite

Sections

.text
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ