UserDataAccountApis[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UserDataAccountApis.dll
Size

335KB
MD5

6cbecf81089dc06bc845bea03c865dba
SHA1

737d0a2c4cd55ba50353c74bd038575042855aae
SHA256

f21de0a046c2ae6ddb6ceef96eb4b37f20fff7010f0b1a3fdba4ef04fbfa9536
SHA512

e338fc68be3bf20dd1372f1301801a69403d26960888dd0193a339c631e62cf37014bae086b5f6d8036e556b06a3c835970f526791e6223ab1dc012677339bb5
SSDEEP

6144:ls2h6jkvSoJzSVYdb98RMl/hzogKsc2AjOm:lzh6jkvSoJzSVYVkMl/hzGscbX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UserDataAccountApis.dll

Files

UserDataAccountApis.dll
.dll windows:10 windows x86 arch:x86

0810fae74db11d26496b180c3c6bfb7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UserDataAccountApis.pdb

Imports

msvcrt

memcmp
_vsnwprintf
__CxxFrameHandler3
_onexit
__dllonexit
memmove
_except_handler4_common
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
realloc
wcstoul
free
malloc
memmove_s
wcsncmp
wcscpy_s
_purecall
memcpy_s
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
CreateEventExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
SetThreadpoolWait
FreeLibraryWhenCallbackReturns
CloseThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWork
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

GetUserContextFromHandle
GetUserTokenFromContext
GenerateUserModeServiceName
RunServicesInProc
IsCommsSystemService
StartAndWaitForServiceForUser

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0810fae74db11d26496b180c3c6bfb7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-profile-l1-1-0

userdataplatformhelperutil

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 306KB - Virtual size: 306KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 240B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 306KB - Virtual size: 306KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 240B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB