Windows[.]Networking[.]BackgroundTransfer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Networking.BackgroundTransfer.dll
Size

398KB
MD5

dfc8919bfeefcbc1fdd82dc5e66bf389
SHA1

ce177f70a898929771fb35e0c04bb814baa2c11a
SHA256

4eff2771fa78c71398445a7188647875a4adf0e63b1b618b1342ff01d6127bd5
SHA512

a08d4dccd64eb7220164afbc6757fd951304829e213b4e330ad8f65cf0475488e824b550aa049fe5aa6e69d5cdd48f9c964db6decee8704a75d11ad964bdc0c0
SSDEEP

6144:WdH+gFlFJf6NX9iBrtoCVqbirJWIjQ15ZLdW/jACI5tXR:WdHRFhf6NzC7rJVjOW/jAth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Networking.BackgroundTransfer.dll

Files

Windows.Networking.BackgroundTransfer.dll
.dll regsvr32 windows:6 windows x86 arch:x86

19ceb3a4b754e36d35e8b6f5f7b865ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Networking.BackgroundTransfer.pdb

Imports

msvcrt

??3@YAXPAX@Z
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
realloc
free
malloc
memmove_s
_wcsicmp
memcpy
memcmp
_ftol2
_ui64tow_s
_wcstoui64
wcsstr
_purecall
_itow_s
??2@YAPAXI@Z
_onexit
memset

ntdll

RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlInitUnicodeString

api-ms-win-core-file-l1-2-1

FindNextFileW
DeleteFileW
FindFirstFileW
FindClose
SetFilePointer
CreateFileW
WriteFile
GetFileSizeEx
CreateDirectoryW
CompareFileTime
ReadFile
GetTempPathW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrDllCanUnloadNow
CStdStubBuffer_DebugServerRelease
UuidFromStringW
NdrDllRegisterProxy
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
CStdStubBuffer_DebugServerQueryInterface
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
UuidCreate
CStdStubBuffer_Connect
NdrDllUnregisterProxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleAllocate
NdrStubCall2
RpcStringFreeW
CStdStubBuffer_IsIIDSupported
UuidFromStringA
UuidToStringW
IUnknown_Release_Proxy

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
WaitForSingleObject
InitializeSRWLock
InitializeCriticalSection
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
Sleep
InitOnceExecuteOnce
CreateEventW
WaitForSingleObjectEx
WaitForMultipleObjectsEx

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetProcessId
GetCurrentThread
GetCurrentProcessId
OpenProcess

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf
AllocateAndInitializeSid
GetTokenInformation
FreeSid

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimePreciseAsFileTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
FreeLibraryWhenCallbackReturns
SetThreadpoolWait

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

combase

ord33
ord11
ord16
ord36
ord15
ord13
ord8
ord2
ord34
ord9
ord12
ord10
ord32
ord6
ord14
ord5
ord7
ord90

systemeventsbrokerclient

SebRegisterWellKnownEvent
SebDeleteEvent
SebSignalBackgroundDownloadEvent
SebCreateUnconstrainedBackgroundDownloadEvent
SebCreateBackgroundDownloadEvent

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19ceb3a4b754e36d35e8b6f5f7b865ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-file-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

combase

systemeventsbrokerclient

api-ms-win-core-localization-l1-2-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 331KB - Virtual size: 331KB

.orpc Size: 1024B - Virtual size: 930B

.data Size: 4KB - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 5KB

minATL Size: 512B - Virtual size: 52B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 331KB - Virtual size: 331KB

.orpc
Size: 1024B - Virtual size: 930B

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 5KB

minATL
Size: 512B - Virtual size: 52B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 39KB - Virtual size: 38KB