FlightSettings[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FlightSettings.dll
Size

853KB
MD5

9d289934073fc96f5d4a506f0abece53
SHA1

dba55ac0ec02ab9f98bbc55b5449a3b0ea94e938
SHA256

68b7c3251f3bab080fab98a97afec913ec205cfd5c36cb6111fe2ee4f8367d51
SHA512

e53bee4c35732247dbbcd708bf5a944841f72829652ee78a737a94440ab23dcc51d7254965dbde1154c4ebef4bdffc49d1abec17a6b6a952e57d52e2ac04110d
SSDEEP

24576:c3VKNxczONV5UOTDKejG5bCfKgZ+vcq7kL:c3VIeIzdfKS+vxO

Score

1^/10

Malware Config

Signatures

Files

FlightSettings.dll
.dll windows:10 windows x86 arch:x86

687d178af60e73512801443d8b717b01

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:23:0f:40:b3:41:30:98:0e:da:57:59:78:5d:85:63:9e:c6:47:15:c6:67:37:45:55:28:51:da:35:b4:43:4f
Signer

Actual PE Digest

de:23:0f:40:b3:41:30:98:0e:da:57:59:78:5d:85:63:9e:c6:47:15:c6:67:37:45:55:28:51:da:35:b4:43:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FlightSettings.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wcstoui64
_o__wcsupr
_o__wtoi
_o__wtol
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcstok_s
_o_wcstoul
_o_wctomb_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
wcsrchr
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__cexit
_o__callnewh
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
wcsstr
strchr
wcschr

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
memset

combase

ord154
ord66
ord168
ord69
ord68
ord67

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleExA
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
FindStringOrdinal
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockShared
OpenSemaphoreW
DeleteCriticalSection
InitializeSRWLock
WaitForSingleObjectEx
ReleaseMutex
TryEnterCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateMutexW
CreateEventExW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentThread
SetThreadToken
GetCurrentProcessId
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetUserDefaultLocaleName
FormatMessageW
GetSystemPreferredUILanguages
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW
UnregisterWait

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemWindowsDirectoryW

ntdll

RtlPublishWnfStateData
RtlIsStateSeparationEnabled
NtQueryLicenseValue
RtlGetVersion
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
NtQuerySystemInformation
EtwTraceMessage
NtQueryInformationToken
RtlConvertDeviceFamilyInfoToString

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharUpperBuffW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
CopySid
FreeSid
DuplicateToken
RevertToSelf
ImpersonateLoggedOnUser
AdjustTokenPrivileges
DuplicateTokenEx
IsValidSid
GetTokenInformation
CheckTokenMembership
GetLengthSid
AllocateAndInitializeSid

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrNIW

api-ms-win-core-file-l1-1-0

CreateFileW
FlushFileBuffers
QueryDosDeviceW
WriteFile
CreateDirectoryW
CreateFileA
RemoveDirectoryW
SetFilePointer
GetFileSizeEx
FindNextFileW
DeleteFileW
GetFullPathNameW
SetFileAttributesW
FindFirstFileW
GetFileAttributesW
FindClose
DefineDosDeviceW
ReadFile

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryValueW
GetPersistedRegistryLocationW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
IsThreadpoolTimerSet
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

msvcp_win

_Wcsxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Lockit@std@@QAE@XZ
_Wcscoll
??1_Locinfo@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Xbad_alloc@std@@YAXXZ
?id@?$collate@G@std@@2V0locale@2@A
?is@?$ctype@G@std@@QBE_NFG@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?id@?$ctype@G@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 755KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

687d178af60e73512801443d8b717b01

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

de:23:0f:40:b3:41:30:98:0e:da:57:59:78:5d:85:63:9e:c6:47:15:c6:67:37:45:55:28:51:da:35:b4:43:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

combase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-2-0

msvcp_win

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l1-2-4

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

Exports

Exports

Sections

.text Size: 755KB - Virtual size: 754KB

.data Size: 26KB - Virtual size: 29KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 1024B - Virtual size: 780B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 40KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

de:23:0f:40:b3:41:30:98:0e:da:57:59:78:5d:85:63:9e:c6:47:15:c6:67:37:45:55:28:51:da:35:b4:43:4f
Signer

.text
Size: 755KB - Virtual size: 754KB

.data
Size: 26KB - Virtual size: 29KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 1024B - Virtual size: 780B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB