IEAdvpack[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

IEAdvpack.dll
Size

122KB
MD5

20fc752d2dc71a8c5860e6a3902dc802
SHA1

edc8a02a6d1d940e91a39776aa6d09df87cd1d04
SHA256

69e8c303abf975ac3a666a137c7c81660d8aac83de150520e4f9d6683a16111d
SHA512

58a857eaa192d5f0ff4efc37cfae50fa682ad6df80e9e1ed531e28ecffc7734ba0a45f52f20f5387756b1fb4815e7253cdf941863d1ca923c1f381117cc123ea
SSDEEP

3072:0GSjHuJlKr3WHa6SQBWpN7BEH/xQdPjrF06E:YZr3WHxonFqxQdPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IEAdvpack.dll

Files

IEAdvpack.dll
.dll windows:10 windows x86 arch:x86

459149be435f4f55a9ab19972f8149c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IEAdvpack.pdb

Imports

msvcrt

_except_handler4_common
_lock
_unlock
_setjmp3
__dllonexit
_onexit
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset

user32

ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
LoadStringW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
ShowWindow

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
FindClose
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPath2W
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcessId
GetSystemInfo
HeapFree
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW

advapi32

AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx

shlwapi

StrChrW
ord217
StrStrIW
PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
ord215

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

459149be435f4f55a9ab19972f8149c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 512B - Virtual size: 54KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 512B - Virtual size: 54KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB