eapa3hst[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

eapa3hst.dll
Size

208KB
MD5

e9df4365a24defc818ede27618f8e572
SHA1

daddd1fea9b004177981df87d08539bc30193f17
SHA256

c7eb3c87288bdcd750d9167cfa08ee1221920a27a20789dcc74c83c68dd1ac96
SHA512

51092f4bbec59633cf02d9263d316feff12a7e886f6ff36f026ce69c87d9bfdab2967642eb5fcff94d2083ba7fff336fa1c63c3c9fb700ea4ac48cf8088e9f3c
SSDEEP

6144:3Z7G6VINZLtujF5gm7xLC991ZBS/6Qtz:J6DNxtujF5gKg5BSSQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eapa3hst.dll

Files

eapa3hst.dll
.dll regsvr32 windows:6 windows x64 arch:x64

88f18862bd06265c68149890c8d97b9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eapa3hst.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
realloc
??0exception@@QEAA@AEBQEBDH@Z
wcsncpy_s
?what@exception@@UEBAPEBDXZ
memmove
memset
_purecall
memcpy_s
wcsrchr
memmove_s
_vsnprintf
wcscpy_s
_CxxThrowException
__CxxFrameHandler3
_errno
swprintf_s
_wtol
_vsnwprintf
memcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBV0@@Z
memcpy

ntdll

EtwEventWrite
DbgPrint
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventUnregister
EtwTraceMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventEnabled

kernel32

RaiseException
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessId
GetCurrentProcess
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
DeleteTimerQueueEx
LoadLibraryExW
FindResourceExW
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
SizeofResource
LoadResource
lstrcmpiW
CloseHandle
SetLastError
CreateFileMappingW
GetProcAddress
CreateFileW
LoadLibraryW
GetModuleHandleW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
DebugBreak
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetSystemInfo
GetModuleFileNameW
GetVersionExW
HeapFree
GetSystemDirectoryW
GetModuleHandleExW
LocalFree
LocalAlloc
HeapSize
GetLastError
GetProcessHeap
HeapAlloc
OutputDebugStringA

ole32

ObjectStublessClient5
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient9
HWND_UserUnmarshal64
ObjectStublessClient6
ObjectStublessClient11
ObjectStublessClient7
HWND_UserMarshal
ObjectStublessClient8
HWND_UserUnmarshal
ObjectStublessClient4
ObjectStublessClient12
CoTaskMemAlloc
CoTaskMemFree
HWND_UserMarshal64
HWND_UserFree
HWND_UserSize64
CoGetClassObject
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
HWND_UserSize
HWND_UserFree64

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

rpcrt4

IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
NdrOleFree
NdrOleAllocate
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegLoadMUIStringW

user32

GetSystemMetrics
UnregisterClassA
CharNextW

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88f18862bd06265c68149890c8d97b9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

oleaut32

rpcrt4

advapi32

user32

netapi32

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 181KB

.orpc Size: 512B - Virtual size: 134B

.data Size: 7KB - Virtual size: 10KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 181KB - Virtual size: 181KB

.orpc
Size: 512B - Virtual size: 134B

.data
Size: 7KB - Virtual size: 10KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB