APMonUI[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

APMonUI.dll
Size

41KB
MD5

1f4e2a780ba5802fc240e69d3cb4c932
SHA1

c7731ffba433d958816e1531d96139a036092321
SHA256

67422106707469feb190f6fba2344a5232a303fe8e613812226eb1db054de3f0
SHA512

5c52743752543e57c4fc6e992972ca33364c173dcab61257595a1b29425c6981a4066d74c7ea8d91d86c2aee7adcbf57f6b9b135e0b33b90e2365dc19311958d
SSDEEP

768:Sbxprrp6Y0IYj9rp0CAzR/9U+RnIh4G/Z2c8vYZQGWWu8z:Sbxprd6Y0IYjBp0CAzR/GMnIDokQRR8z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
APMonUI.dll

Files

APMonUI.dll
.dll windows:10 windows x86 arch:x86

521a9cbb92bfbbd50e81993a035e4bcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

APMonUI.pdb

Imports

msvcrt

free
_callnewh
malloc
_purecall
memmove_s
memcpy_s
_amsg_exit
swscanf_s
wcschr
_XcptFilter
_initterm
_lock
_unlock
__dllonexit
_onexit
_vsnwprintf
_except_handler4_common
memcmp
memset

kernel32

SetUnhandledExceptionFilter
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
GetProcAddress
GetLastError
SetLastError
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LocalFree
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection

user32

MessageBeep
SendMessageW
GetDlgItem
SetWindowTextW
LoadCursorW
SetCursor
GetWindowTextW
GetWindowLongW
LoadStringW
MessageBoxW
SetWindowLongW

winspool.drv

ClosePrinter
OpenPrinterW

ws2_32

inet_addr
WSAStartup
FreeAddrInfoW
WSAGetLastError
WSACleanup
GetAddrInfoW

shlwapi

StrStrW

wininet

InternetCrackUrlW
InternetCreateUrlW

Exports

Exports

InitializePrintMonitorUI
LocalConfigurePortUI

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

521a9cbb92bfbbd50e81993a035e4bcd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

winspool.drv

ws2_32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB