Windows[.]Networking[.]Sockets[.]PushEnabledApplication[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Networking.Sockets.PushEnabledApplication.dll
Size

58KB
MD5

b3ded079b5a86d14b522f3c697ad4a8f
SHA1

0d005cebd17be437d9fddbaa3b7a97aa667f5b38
SHA256

a6fc3dd950747ea67dd60bcf7571eb0b6bbe5b48785fe9e29fbc8e8a98eae450
SHA512

cbc1fe9edc5153db0f9f33a78130236495e7f99205d7c46b29ad53398ce14e0ba4bf45891d3dea90012b569d244d67f865e25f8b7ebe7280fb44bc394b9af5bc
SSDEEP

768:NcKiNmmtogdqCfAmla66PBjWb/2HJAaWc6+B4QWNn+rWOrsphDGk3U:NcKBWqB6rrc7++rWOrsphSk3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Networking.Sockets.PushEnabledApplication.dll

Files

Windows.Networking.Sockets.PushEnabledApplication.dll
.dll regsvr32 windows:6 windows x86 arch:x86

dab2384e41f9c127eedde78260a50e6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Networking.Sockets.PushEnabledApplication.pdb

Imports

msvcrt

__dllonexit
_unlock
_onexit
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_except_handler4_common
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
free
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
memcmp
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_lock
_purecall
memset

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringLen
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoOriginateErrorW

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
RoGetAgileReference
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
DeleteCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockShared
Sleep
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSRWLockExclusive

rpcrt4

CStdStubBuffer_Invoke
I_RpcExceptionFilter
NdrClientCall2
RpcBindingCreateW
RpcBindingBind
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
RpcBindingFree
NdrDllGetClassObject
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
NdrOleFree
NdrOleAllocate

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

ws2_32

WSAStartup
WSAGetLastError
WSAIoctl
WSACleanup

api-ms-win-security-base-l1-2-0

CreateWellKnownSid

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlSubscribeWnfStateChangeNotification
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryPackageIdentity

combase

ord2
ord3

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 191B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dab2384e41f9c127eedde78260a50e6c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

rpcrt4

api-ms-win-core-rtlsupport-l1-2-0

ws2_32

api-ms-win-security-base-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

ntdll

combase

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.orpc Size: 512B - Virtual size: 191B

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

minATL Size: 512B - Virtual size: 24B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 40KB

.orpc
Size: 512B - Virtual size: 191B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

minATL
Size: 512B - Virtual size: 24B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB