SensorsApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SensorsApi.dll
Size

305KB
MD5

5af41214b619edd73c6fef28956c5c7f
SHA1

71642b9fc2443f77aba6c05e72bd033d38a142d8
SHA256

aee348f656c928a5c3ab0032ca6585d26433f7d5bfa335084becb38fcaeebbd1
SHA512

554cbc704059f68ebc11bdd415ca8e58b67e5b2a5ea99508d488a6deb788c942429fdbd57dd7ff85adfc1d7e7411db14db1234065ecd6de08835c0eeff082e59
SSDEEP

6144:Fny4FgJ6Ghz8H9b8OevKVibWdJ9yoJMt+h7ut1SaJrJNWRJJJrwC4pxv8vi1vZKo:Fx58m4oJQ+h7ut1YTwaUhKuXH0+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SensorsApi.dll

Files

SensorsApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

19d2f9e21eecf568eda4fc8c5de66e31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SensorsApi.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswprintf
wcsrchr
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

rpcrt4

CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
I_RpcExceptionFilter
NdrClientCall4
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient12
ObjectStublessClient5
ObjectStublessClient14
ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient4
ObjectStublessClient16
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient6

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSection
CreateEventW
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateEventExW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
HeapSize

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
ExitProcess
CreateThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

user32

LoadStringW
DispatchMessageW
LoadCursorW
SetCursor
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DialogBoxParamW
EndDialog
TranslateMessage
IsWindow
UnregisterClassA

sensorsutilsv2

InitPropVariantFromFloat
PropKeyFindKeyGetDouble
PropKeyFindKeyGetFloat
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetPropVariant
PropKeyFindKeyGetFileTime
CollectionsListCopyAndMarshall
CollectionsListGetMarshalledSize
IsCollectionListSame
IsKeyPresentInCollectionList
PropKeyFindKeyGetUlong
CollectionsListDeserializeFromBuffer
PropKeyFindKeyGetGuid

sensorsnativeapi.v2

SensorOpenByInterfaceV2
SensorGetCapabilitiesCollectionV2
SensorStopV2
SensorStopStateChangeNotificationV2
SensorStartCollectionV2
SensorGetDataFieldPropertiesV2
SensorGetPropertiesV2
SensorGetDataThresholdsV2
SensorGetDataIntervalV2
SensorSetDataThresholdsV2
SensorSetDataIntervalV2
SensorEnableIdleOperationV2
SensorStartStateChangeNotificationV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorCloseV2

api-ms-win-core-marshal-l1-1-0

HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal

msvcp_win

_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CreateThreadpoolWork
SetThreadpoolTimer
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetAce
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
CopySid
CheckTokenMembership
FreeSid
AddAce
GetSecurityDescriptorDacl
IsValidSid
SetSecurityDescriptorDacl
GetTokenInformation
InitializeSecurityDescriptor
IsWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

WinSqmAddToStreamEx
WinSqmIsOptedIn

api-ms-win-core-synch-l1-2-0

Sleep

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19d2f9e21eecf568eda4fc8c5de66e31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

user32

sensorsutilsv2

sensorsnativeapi.v2

api-ms-win-core-marshal-l1-1-0

msvcp_win

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

api-ms-win-core-synch-l1-2-0

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 269KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 284B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 269KB - Virtual size: 269KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 284B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB