Windows[.]ApplicationModel[.]Store[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.ApplicationModel.Store.dll
Size

218KB
MD5

8da2fa69a4f544b092db43e9b3d558e4
SHA1

e735ded1ff9fb53eb17e3bb3d5862dd00bd76db7
SHA256

7bd7446e6a8d95dffddaf87d8bb9cf5445655a2da9247f3d32db12a6741f9218
SHA512

1061e147700e8cf56ac801ef8cf4d9fdb6d35b4019a0d16e60e310228b3c31b03d5be24dcabd0f60a1115fdeb440bb915f86fe236f5f91406b496fa7593c79b8
SSDEEP

3072:ShwTLjYCBkVz1fSAlMfSfHMvOJatAsM6XSguqnP63OLONtUfjjUjo/OBAD6ofpjM:ShIe7fkp2h6PgeHUs/Ul/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.ApplicationModel.Store.dll

Files

Windows.ApplicationModel.Store.dll
.dll windows:6 windows x86 arch:x86

3e65c3f97c6709186b2420b62dbad517

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

_lock
memmove
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_vsnwprintf
_unlock
__dllonexit
??3@YAXPAX@Z
_onexit
_initterm
memmove_s
memcpy
memcmp
??2@YAPAXI@Z
__CxxFrameHandler3
_except_handler4_common
malloc
free
_amsg_exit
_XcptFilter
_purecall
realloc
_ftol2
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObject
CancelWaitableTimer
SetEvent
CreateEventW
Sleep
CreateWaitableTimerExW
SetWaitableTimer
WaitForMultipleObjectsEx
CreateEventExW
AcquireSRWLockShared
InitOnceExecuteOnce
InitializeSRWLock

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoOriginateError
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoReportFailedDelegate
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
HSTRING_UserSize
WindowsDeleteString
HSTRING_UserUnmarshal
HSTRING_UserFree
WindowsDuplicateString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsGetStringRawBuffer
HSTRING_UserMarshal
WindowsCreateString

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
NdrOleAllocate

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
OpenProcess
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

wsclient

WSLicenseRefreshLicense
WSLicenseRetrieveMachineID
WSCheckForConsumable
WSLicenseClose
WSLicenseOpen
GetApplicationURL

wsshared

?GetCallingAppWindowHandle@CWSSharedUtils@@SGJPAPAUHWND__@@@Z
?GetAuthBrokerContext@CWSSharedUtils@@SGJW4AuthBrokerScenarioName@@KPAUHWND__@@PAPAX@Z
?GetCallingAppPackageFamilyName@CWSSharedUtils@@SGJPAPAG@Z
?GetDataFromProductReceipt@CWSSharedUtils@@SGJPBDIPAU_GUID@@PAEPAPAG@Z
?FreeAuthBrokerContext@CWSSharedUtils@@SGJPAX@Z
?GetProductInformationFromWeb@CWSSharedUtils@@SGJPAUHWND__@@U_GUID@@PBGPAXPAPAUtagStoreAppInformation@@@Z
??1tagStoreAppInformation@@QAE@XZ
?WSFetchReceipt@CWSSharedUtils@@SGJPAU_GUID@@PAPAG0PAUHWND__@@@Z
?GetUnfulfilledConsumablesFromAppReceipt@CWSSharedUtils@@SGJPBDIPAV?$CArray@PAUUnfulfilledConsumableData@@PAU1@VCAdaptorDefault@@VCPoliciesDefault@@@@@Z
?GetProductFulfillmentUrlInfo@CWSSharedUtils@@SGJPAU_GUID@@PAPAUHSTRING__@@0PAPBG22@Z
?GetAuthResponse@CWSSharedUtils@@SGJPBG0PAPAG1@Z
?GetFormattedPrice@CWSSharedUtils@@SGJPBG0000PAPAG@Z

wssync

WSFulfillProduct
WSLicenseInitialize

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-appmodel-runtime-l1-1-1

GetCurrentPackageFamilyName

combase

ord13
ord33
ord11
ord16
ord15
ord34
ord8
ord2
ord9
ord5
ord12
ord10
ord32
ord6
ord7
ord14

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-2-1

CompareFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

oleaut32

SysFreeString

api-ms-win-security-base-l1-2-0

GetTokenInformation

ntdll

RtlUpcaseUnicodeChar

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook
QueueUserWorkItem

api-ms-win-core-localization-l1-2-1

LCMapStringW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 815B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e65c3f97c6709186b2420b62dbad517

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

wsclient

wsshared

wssync

api-ms-win-core-winrt-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

combase

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-string-l1-1-0

oleaut32

api-ms-win-security-base-l1-2-0

ntdll

api-ms-win-core-heap-obsolete-l1-1-0

kernel32

api-ms-win-core-localization-l1-2-1

Exports

Exports

Sections

.text Size: 190KB - Virtual size: 189KB

.orpc Size: 1024B - Virtual size: 815B

.data Size: 3KB - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 190KB - Virtual size: 189KB

.orpc
Size: 1024B - Virtual size: 815B

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB