ActivationManager[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ActivationManager.dll
Size

572KB
MD5

37d2b3a6707982caa1f28d839acbc43a
SHA1

d33ed89b0f84b5bebc32f01f583895ce22e5d203
SHA256

7a3f0b4a49a620084d0bac15f10cf91f8abfcf1276381304903d7dd310e5e289
SHA512

07c980af02171b6338aa8e36b456200ee8fe38ff5713f8c6959ba72253e53017e2ca2cf4b976a4f17da5b79bef18c16da049d6ebe6d99a5711ce53bff84fd6f6
SSDEEP

12288:SBC+Ct7H+X6SKm0mB0Zyv8wOzjLcWkncwKGo3KAvpOKjBkQfqiO:SB3Ct7yx0FyvOzMcwjclpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActivationManager.dll

Files

ActivationManager.dll
.dll windows:10 windows x86 arch:x86

23fd22672bd938c0a83ec5ec56e55d0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActivationManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscspn

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcstok_s
_except_handler4_common
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__get_errno
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
InitializeSRWLock
OpenEventW
InitializeCriticalSectionEx
CreateEventExW
ReleaseSemaphore
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapAlloc
HeapSize
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
CreateThread
SetThreadToken
ProcessIdToSessionId
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetProcessId
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
OpenThread
GetCurrentThreadId
GetThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

ntdll

NtOpenProcessToken
NtQueryInformationToken
NtClose
RtlCopySid
RtlAcquireSRWLockShared
RtlIsMultiSessionSku
RtlSleepConditionVariableSRW
RtlCapabilityCheck
RtlReleaseSRWLockShared
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAcquireSRWLockExclusive
RtlInitUnicodeString
NtQueryInformationProcess
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
NtQuerySecurityAttributesToken
RtlGetDeviceFamilyInfoEnum
RtlQueryTokenHostIdAsUlong64
RtlNtStatusToDosError
RtlIsParentOfChildAppContainer
NtOpenProcessTokenEx
RtlExpandEnvironmentStrings
RtlLengthSid

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateGuid
CoCancelCall
CoGetApartmentType
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoGetCallContext
CoMarshalInterThreadInterfaceInStream
CoResumeClassObjects
CoGetCallerTID
CoCreateFreeThreadedMarshaler
CoGetStdMarshalEx
CoImpersonateClient
CoRevertToSelf
CoDisableCallCancellation
CoInitializeEx
CoEnableCallCancellation
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CLSIDFromString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsConcatString
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-appmodel-runtime-internal-l1-1-4

GetExtensionApplicationUserModelId
IsOnDemandRegistrationSupportedForExtensionCategory

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageFullNameFromToken
GetPackageStatusForUser
GetPackageStatus

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageApplicationContext
GetPackageApplicationPropertyString

appxdeploymentclient

ord68

msvcp_win

?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?exceptions@ios_base@std@@QAEXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??Bios_base@std@@QBE_NXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?_Xlength_error@std@@YAXPBD@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteTreeW
RegOpenCurrentUser
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-com-private-l1-1-0

CoRegisterRacActivationToken
CoRevokeRacActivationToken
CoSetErrorInfo
CoGetErrorInfo

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_QueryService

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetAce
GetTokenInformation
CopySid
GetLengthSid
IsWellKnownSid
DuplicateTokenEx
CreateWellKnownSid

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-psm-key-l1-1-1

PsmCreateKeyWithDynamicId

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmGetKeyFromProcess
PsmGetKeyFromToken

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

rpcrt4

RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcBindingInqLocalClientPID
I_RpcExceptionFilter
RpcBindingFree
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient
NdrAsyncClientCall
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCancelCall

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpLogicalW
StrCmpIW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-appmodel-identity-l1-2-0

AppXGetOSMaxVersionTested

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

coremessaging

CoreUICreateEx
MsgRelease
MsgBlobCreateShared
CoreUICreate
MsgStringCreateShared

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsPrefixW
PathIsRelativeW

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

profapi

ord102
ord101

api-ms-win-core-path-l1-1-0

PathAllocCombine

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-security-sddlparsecond-l1-1-0

LocalGetStringForCondition

mpr

WNetGetConnectionW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord140
ord65
ord159
ord79

twinapi.appcore

ord2
ord3

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-appmodel-state-l1-2-0

OpenStateExplicit
GetSystemAppDataKey
CloseState

Exports

Exports

DisableAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableAppXDebuggingForPackage
FreeAppXLaunchContext
PostCreateProcessAppXActivation
PrepareAppXActivation
RegisterAppXPackageIfNecessary

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23fd22672bd938c0a83ec5ec56e55d0f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-appmodel-runtime-internal-l1-1-0

appxdeploymentclient

msvcp_win

api-ms-win-core-heap-l2-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-synch-l1-2-1

api-ms-win-core-com-private-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-psm-key-l1-1-1

api-ms-win-core-psm-key-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

rpcrt4

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-appmodel-identity-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

coremessaging

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-registration-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-wow64-l1-1-1

profapi

api-ms-win-core-path-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-security-sddlparsecond-l1-1-0

mpr

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-wow64-l1-1-0

.text
Size: 519KB - Virtual size: 518KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 17KB - Virtual size: 16KB

.didat
Size: 512B - Virtual size: 324B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB