UserMgrProxy[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UserMgrProxy.dll
Size

187KB
MD5

1ee41b25a310441c023decce50c92f56
SHA1

9e0255a1d08564c6b1ee4356acd4057c7bf9f7e1
SHA256

300479a2582c34dbad407139f504bb61c97e98271e6ea114b35880f13215b6b8
SHA512

20834eab9291b18b2bf69ae596641ec850ce412f44b9db36f485350d6b07f524880c7da43d122f09fbc4a94ceae1e605bc4decfe70c222e7146dda9bd8649654
SSDEEP

3072:H8iwPqKCh5ZJlfwcA7bDzXLP2MIwoMvDFw4q+fvezk5aTdrVJMoJirjkes6RU8qU:Hv4q9Rhh6XOuA/y1r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UserMgrProxy.dll

Files

UserMgrProxy.dll
.dll windows:10 windows x86 arch:x86

80402215afea80348977e136ddbb0529

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UserMgrProxy.pdb

Imports

msvcrt

__dllonexit
_initterm
memmove
memcpy
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
_unlock
_CxxThrowException
malloc
?what@exception@@UBEPBDXZ
_XcptFilter
_amsg_exit
??0exception@@QAE@ABQBDH@Z
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_lock
_vsnprintf_s
wcschr
_set_errno
_get_errno
_vscwprintf
??1exception@@UAE@XZ
_purecall
_callnewh
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
memcmp
__CxxFrameHandler3
free
memset

rpcrt4

CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrOleAllocate
NdrClientCall4
I_RpcExceptionFilter
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubCall2

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventExW
ReleaseSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
CreateMutexExW
ReleaseMutex
LeaveCriticalSection
WaitForSingleObject
OpenSemaphoreW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
HSTRING_UserUnmarshal
WindowsDeleteString
WindowsStringHasEmbeddedNull
HSTRING_UserSize
WindowsCreateString
WindowsIsStringEmpty
HSTRING_UserMarshal
HSTRING_UserFree
WindowsCompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoSwitchCallContext
CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetStandardMarshal
CoCreateFreeThreadedMarshaler
CoCopyProxy
CoRevertToSelf
CoSetProxyBlanket
PropVariantClear
CreateStreamOnHGlobal
CoReleaseMarshalData
CoTaskMemFree
CoCreateInstance
CoImpersonateClient

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlInitUnicodeString
RtlIsMultiSessionSku
RtlNtStatusToDosError
NtSetSecurityObject
RtlCreateSecurityDescriptor
NtQuerySecurityObject
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAddAce
RtlGetAce
RtlCreateAcl
RtlAllocateHeap
RtlLengthSid
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCapabilityCheck

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient18
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient17
ObjectStublessClient16
CStdStubBuffer2_QueryInterface
ObjectStublessClient22
ObjectStublessClient13
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient3
ObjectStublessClient23
ObjectStublessClient26
ObjectStublessClient24
CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
CStdStubBuffer2_Connect
ObjectStublessClient25
ObjectStublessClient21
NdrProxyForwardingFunction3
ObjectStublessClient20
ObjectStublessClient19

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetAce
GetTokenInformation
CreateWellKnownSid
EqualSid

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream
CreateRandomAccessStreamOverStream

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord148

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateFileW
ReadFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80402215afea80348977e136ddbb0529

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

combase

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 159KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 116B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 160KB - Virtual size: 159KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 116B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 15KB - Virtual size: 15KB