TileDataRepository[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

TileDataRepository.dll
Size

424KB
MD5

20339c1bec7ffc2c7e0390c3f001c481
SHA1

65c7be6e42a69a60b149b1a6074727d30d2e7dfc
SHA256

145f61874694b27ada01450565915cc39ff085d4d1ec4b1e357dd308bc625f69
SHA512

83a9bca3e9899cb9cdbf26b1bcf43ef63afb6f7dcb05f606853cf983ce59b5c19fbfa12f7be0245131d4632450b56c6b256928427abcf76938784f257ec022cf
SSDEEP

12288:G6XDFDJXPmGayMHEqZt/eUk1qPpBZChZw:1dXPmGayMHEqZt/eUk4PprCh6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TileDataRepository.dll

Files

TileDataRepository.dll
.dll windows:10 windows x86 arch:x86

54044b721e068c7ea8e08cd03ea4dc1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TileDataRepository.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memmove_s
memset

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ultow_s
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_toupper
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__crt_atexit
_o__configure_narrow_argv
__std_terminate
wcschr
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
ProcessIdToSessionId
GetCurrentProcess
TerminateProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetCallContext
CoGetApartmentType
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoGetInterfaceAndReleaseStream

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

ntdll

RtlGetDeviceFamilyInfoEnum
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlAllocateHeap
RtlCompareUnicodeString
NtQueryInformationFile
RtlInitializeGenericTableAvl
NtQueryInformationThread
NtAccessCheck
RtlFreeHeap
NtQueryInformationProcess
RtlDeleteCriticalSection
RtlConvertSidToUnicodeString
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
RtlValidSid
RtlLengthSid
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlAcquireSRWLockExclusive
RtlInitializeCriticalSection
RtlInsertElementGenericTableAvl
RtlNtStatusToDosErrorNoTeb
RtlReleaseSRWLockExclusive

staterepository.core

sqlite3_db_filename
sqlite3_changes
sqlite3_last_insert_rowid
sqlite3_next_stmt
sqlite3_errcode
sqlite3_shutdown
sqlite3_close
sqlite3_errmsg
sqlite3_log
sqlite3_prepare_v2
sqlite3_stmt_busy
sqlite3_get_autocommit
sqlite3_exec
sqlite3_free
sqlite3_db_handle
sqlite3_clear_bindings
sqlite3_bind_int
sqlite3_vfs_unregister
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_config
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_sql
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64

windows.staterepository

StateRepository_DataAccessLayer_DatabaseCache_Get
StateRepository_DataAccessLayer_DatabaseCache_Add
StateRepository_Shutdown
StateRepository_Initialize

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
WriteFile
CreateFileW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupOpenLocalPolicy

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54044b721e068c7ea8e08cd03ea4dc1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

ntdll

staterepository.core

windows.staterepository

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 388KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 389KB - Virtual size: 388KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB