WABSyncProvider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WABSyncProvider.dll
Size

54KB
MD5

b772eedd958c4e82e42726d2313dd04e
SHA1

89a52c72869e471f344d63ef83c2f3411ff1e859
SHA256

a495af76788e97f0557040c3566d6c49a6a1eedc5f14f1a5add33bd28d668a61
SHA512

a3f6010f7c34c043ab7d831e8377feafd44d634a3fa3c1ff14edbcd954e14739141c9a4810033a8edff6d18e8a6ff67fedc6cd54f2189c52b6105cd68e878516
SSDEEP

768:hJJNUK2wbQNvFeR2tAYydsA7jlWUjr4jX1jPdZuZpbvzHFX:7TUuQxFeRGAYyCA7js0r4ztvwvzHFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WABSyncProvider.dll

Files

WABSyncProvider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

b2436b217c49588af33feaeab375355e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WABSyncProvider.pdb

Imports

msvcrt

wcstok_s
iswspace
_except_handler4_common
iswdigit
_initterm
memcpy
free
_amsg_exit
_XcptFilter
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler3
_purecall
_ftol2
malloc
memcmp
memmove
memset

winsync

ord1

winsyncproviders

ord1

winsyncmetastore

ord1

kernel32

CompareFileTime
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToFileTime
DeleteFileW
WaitForSingleObject
CreateMutexExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetNativeSystemInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetModuleHandleExW
LoadLibraryW
SetLastError
GetProcAddress
ReleaseMutex
CloseHandle
GetUserDefaultLCID
WideCharToMultiByte
GetModuleFileNameW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId

user32

LoadStringW

ole32

CoTaskMemFree
CoTaskMemAlloc
PropVariantCopy
StringFromGUID2
PropVariantClear
CoCreateGuid
CoCreateInstance

shlwapi

ord219
SHRegGetValueW
SHDeleteKeyW

advapi32

UnregisterTraceGuids
RegSetValueExW
RegisterTraceGuidsW
RegCloseKey
GetTraceEnableLevel
EventRegister
EventWrite
GetTraceLoggerHandle
EventUnregister
GetTraceEnableFlags
RegCreateKeyExW
TraceMessage

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

propsys

PSCreateMemoryPropertyStore
PropVariantChangeType
PropVariantToString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2436b217c49588af33feaeab375355e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

winsync

winsyncproviders

winsyncmetastore

kernel32

user32

ole32

shlwapi

advapi32

shell32

propsys

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB