CoreShellAPI[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CoreShellAPI.dll
Size

495KB
MD5

d25c2dea631242e9a35119659fba5111
SHA1

67b7904640a010f27e5ad4d479602c3f83b358f6
SHA256

930c8a2f65fec40f565819fa44d9b50aa202acaec8e7f6e2a7f18f73d83bd8fc
SHA512

1a1f17dc6b26e854fa9d0ce780ac4fcf0fe6819332e3ded74e07fd88ffb9c486cb34d0f70f47c660f7aacda15ff8b57ce4fe1969fca8c92479398256f9e40bb6
SSDEEP

6144:R4RQT9uWnRdajlrqopveS8ji8/qPR7Zjmul97hGqVQ5Zd7WIuYaiYYYdIZuvk:9uWnrajlrhxIqpZjmul9dGPd7vuYafw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CoreShellAPI.dll

Files

CoreShellAPI.dll
.dll windows:10 windows x86 arch:x86

dc23a175f27580cd4194b8e3bf354ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CoreShellAPI.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__crt_atexit
_o_ceil
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__cexit
_o__callnewh
_o__beginthreadex
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForMultipleObjectsEx
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
CreateEventW
InitializeCriticalSectionAndSpinCount
ResetEvent
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
WaitForSingleObject
ReleaseMutex
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoFailFastWithErrorContext
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

oleaut32

SysFreeString
SysAllocString
SysStringLen

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateInstance
StringFromCLSID
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoGetObjectContext
CoTaskMemFree
CoTaskMemAlloc
CoDecrementMTAUsage
CLSIDFromString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
AdjustTokenPrivileges

rpcrt4

UuidCreate

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

ntdll

RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification

api-ms-win-core-winrt-propertysetprivate-l1-1-0

RoCreateNonAgilePropertySet

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-rtcore-ntuser-window-l1-1-0

RegisterClassExW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW

msvcp_win

?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
_Thrd_detach
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?__ExceptionPtrRethrow@@YAXPBX@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
_Cnd_wait
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Query_perf_counter
_Query_perf_frequency
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCurrentException@@YAXPAX@Z
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
_Thrd_sleep
_Cnd_broadcast
?_XGetLastError@std@@YAXXZ

api-ms-win-crt-time-l1-1-0

_time32

combase

ord157
SetErrorInfo
ord90
GetErrorInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc23a175f27580cd4194b8e3bf354ddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

rpcrt4

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-winrt-l1-1-0

ntdll

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

msvcp_win

api-ms-win-crt-time-l1-1-0

combase

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

Exports

Exports

Sections

.text Size: 449KB - Virtual size: 449KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 152B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 449KB - Virtual size: 449KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 152B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 30KB - Virtual size: 29KB