aclui.pdb
Static task
static1
Behavioral task
behavioral1
Sample
aclui.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
aclui.dll
Resource
win10v2004-20240508-en
General
Target
aclui.dll
Size
866KB
MD5
9cb8ead1ec267291be820a66774d6eb6
SHA1
69ce708c3b229bc2145e8abc926dd842d41a0c85
SHA256
1318de39d2e79685d7921c771359515983c77dcfbfea282968d95a5b74491b86
SHA512
b9485f0adab94ef66dd9d80364d7f42affb54560a7978bb2ef09ce71cb178db8cfd30d5285f9e46d9276c593bc07483402fe3649a6803e57f6ff23afee2da543
SSDEEP
24576:pWExaP34hE5MUOaj+hY0t1b8Ci1Sj57nyTTzgSNJ:pXh0bj+hY01blVjlnwMSN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aclui.dll
Files
aclui.dll.dll windows:6 windows x86 arch:x86
384f6881b060117aedb9b7d36e225017
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_ui64tow_s
wcstok_s
_i64tow_s
_wcstoi64
_CxxThrowException
__RTDynamicCast
_ftol2_sse
floor
memcmp
_except_handler4_common
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
__CxxFrameHandler3
?terminate@@YAXXZ
iswctype
_ultow
_wcsnicmp
wcstoul
wcsncpy_s
swprintf_s
_initterm
_amsg_exit
_XcptFilter
memset
wcsrchr
malloc
wcscpy_s
iswspace
memmove
wcspbrk
wcscspn
wcsspn
??0exception@@QAE@XZ
memcpy_s
??0exception@@QAE@ABV0@@Z
_wcstoui64
_ultow_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcsncmp
_vsnwprintf
memmove_s
wcschr
wcsnlen
free
_itow_s
memcpy
ntdll
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
RtlGetAce
RtlSubAuthoritySid
RtlConvertSidToUnicodeString
RtlAddAccessDeniedAceEx
RtlAddAce
RtlSetDaclSecurityDescriptor
RtlEqualSid
RtlCopySid
RtlFirstFreeAce
RtlValidAcl
RtlAddAuditAccessObjectAce
RtlValidSid
RtlGetSaclSecurityDescriptor
RtlAddAccessDeniedObjectAce
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedObjectAce
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlAddAccessAllowedAceEx
RtlSubAuthorityCountSid
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAuditAccessAceEx
RtlSetOwnerSecurityDescriptor
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
RtlRunOnceExecuteOnce
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid
RtlIsPackageSid
kernel32
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
LoadLibraryExW
LocalAlloc
LocalFree
TlsGetValue
GetCurrentProcess
FlushInstructionCache
SetLastError
EnterCriticalSection
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapAlloc
CompareStringW
GetLastError
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapFree
FormatMessageW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsFree
DeleteCriticalSection
LocalReAlloc
LoadLibraryW
CreateThread
FreeLibrary
CloseHandle
WaitForSingleObjectEx
GetModuleHandleW
FreeLibraryAndExitThread
HeapReAlloc
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapDestroy
HeapSize
VirtualFree
InterlockedPopEntrySList
IsProcessorFeaturePresent
VirtualAlloc
InterlockedPushEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
FindResourceW
GetCurrentThread
GetProcAddress
TlsAlloc
lstrcmpW
LeaveCriticalSection
user32
IsWindowVisible
GetSystemMetrics
IsWindowEnabled
MessageBoxW
LoadImageW
GetAncestor
GetDC
ReleaseDC
RegisterWindowMessageW
GetWindow
GetWindowPlacement
SetWindowPlacement
RegisterClassW
UnregisterClassW
MapDialogRect
SystemParametersInfoW
DestroyIcon
GetDlgCtrlID
DefWindowProcW
GetScrollInfo
SetScrollPos
ScrollWindow
SetScrollInfo
LoadCursorW
OffsetRect
MoveWindow
ShowScrollBar
SetFocus
FrameRect
GetDlgItemTextW
GetSysColor
DrawFocusRect
EnumDisplaySettingsW
CreateWindowExW
keybd_event
SetTimer
KillTimer
ClientToScreen
RegisterClipboardFormatW
DrawTextW
UnregisterClassA
SetCursor
SetWindowLongW
GetWindowLongW
LoadStringW
GetFocus
RedrawWindow
DialogBoxParamW
GetActiveWindow
InflateRect
PostMessageW
GetParent
EnableWindow
SetWindowPos
MapWindowPoints
GetWindowRect
ShowWindow
DestroyWindow
EndDialog
SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
LoadIconW
GetClientRect
SendMessageW
GetSysColorBrush
GetDlgItem
CallWindowProcW
gdi32
DeleteObject
GetTextExtentPoint32W
SetTextColor
CreateFontIndirectW
GetObjectW
SetBkMode
SetBkColor
SelectObject
shlwapi
ord12
PathAppendW
StrRChrW
StrChrW
ord219
advapi32
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddConditionalAce
LsaOpenPolicy
GetSidSubAuthorityCount
OpenProcessToken
CopySid
EventUnregister
EventRegister
GetAce
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
EventWrite
EqualPrefixSid
IsValidSid
GetLengthSid
EqualSid
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
LsaGetAppliedCAPIDs
AllocateAndInitializeSid
ole32
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid
oleaut32
SafeArrayAccessData
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SysReAllocStringLen
shell32
ord258
ord6
ord259
ntdsapi
DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsBindWithSpnExW
xmllite
CreateXmlReader
Exports
CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation
Sections
.text Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 463KB - Virtual size: 462KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ