RADCUI[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RADCUI.dll
Size

276KB
MD5

e43686ca96d5f3f356c2e6cf489c95ba
SHA1

064847ec1a967d31250a8dc3e38ebb2217c38e13
SHA256

2b74fd61f7e165b795f463213e4b8056555aaeaf876ab2a8683962aa08238bc7
SHA512

c92eda346033b222e0ff866deb2b887abeb937884c74dbd3254c4d4264a8049ca0b1374b917042615d901c4e68d15a81a19aa724e6d6e9a8a93e65a67015ece3
SSDEEP

3072:JOqkERKHMrEvIufr5kR04MS5pcZ8tB11lqRuLrSAt6WX+bpnZ4W8TjzEJ5aQ4i:cC0HMrEvLfY9kQvSi6WX+bpO3zEJ5N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RADCUI.dll

Files

RADCUI.dll
.dll windows:6 windows x86 arch:x86

d504df14d4ac6698be612375ddf0a1fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RADCUI.pdb

Imports

msvcrt

??3@YAXPAX@Z
bsearch
wcsncmp
_wcsnicmp
wcstombs
_wcsicmp
_vsnwprintf
_ftol2_sse
_except_handler4_common
__CxxFrameHandler3
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
calloc
memset
_purecall
?what@exception@@UBEPBDXZ
memmove_s
iswspace
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPAX@Z
memcpy

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString

ntdll

WinSqmAddToStream
EtwLogTraceEvent

kernel32

QueryPerformanceCounter
ActivateActCtx
ReleaseActCtx
CreateActCtxW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleExA
DisableThreadLibraryCalls
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetModuleHandleExW
ReleaseSemaphore
FreeLibraryAndExitThread
ResetEvent
OpenThread
GetProcessHeap
CreateSemaphoreW
GetSystemInfo
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateThread
GetTickCount
OutputDebugStringA
GetVersionExW
CompareStringW
WaitForSingleObject
GetAtomNameW
CreateMutexW
ReleaseMutex
CompareStringOrdinal
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
GetLocaleInfoW
SetLastError
CreateFileMappingW
GetUserDefaultUILanguage
TerminateThread
SetEvent
SwitchToThread
CreateFileW
CreateEventW
WaitForMultipleObjects
CloseHandle
DeactivateActCtx
TerminateProcess
TlsFree
GetCurrentProcess
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
TlsGetValue
TlsSetValue
LocalAlloc
LocalFree

advapi32

RegNotifyChangeKeyValue
RegQueryValueExW
EventActivityIdControl
EventWrite
RegGetValueW
EventUnregister
EventRegister
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

shlwapi

ord256
ord172
ord156
ord158
ord219
SHStrDupW
ord204
ord174
ord618
ord24
ord278
ord514
ord176
ord199

ole32

CoTaskMemRealloc
CoGetMalloc
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayUnaccessData
VariantInit
SysFreeString
VarUI4FromStr
SysAllocString
VariantClear

user32

TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
DestroyIcon
SetCursor
LoadCursorW
CharNextW
UnregisterClassW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
DefWindowProcW
DestroyWindow
PostMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
DispatchMessageW
LoadStringW
UnregisterClassA
GetFocus

dui70

?CanSetFocus@XProvider@DirectUI@@UAGJPA_N@Z
?Navigate@XProvider@DirectUI@@UAGJHPA_N@Z
?SetFocus@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UAGJPAVElement@2@PA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UAGJHHPAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UAGJABU_GUID@@PAX@Z
?AddRef@XProvider@DirectUI@@UAGKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UAGJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IAEPAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QAEJPAVElement@2@PAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SGJPAUHINSTANCE__@@PBG11PAPAV12@@Z
?QueryInterface@XProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
??1XProvider@DirectUI@@UAE@XZ
?GetCheckedState@TouchCheckBox@DirectUI@@QAE?AW4CheckedStateFlags@2@XZ
?SetCheckedState@TouchCheckBox@DirectUI@@QAEJW4CheckedStateFlags@2@@Z
?Click@TouchButton@DirectUI@@SG?AVUID@@XZ
RegisterPVLBehaviorFactory
?GetClassInfoPtr@TouchCheckBox@DirectUI@@SGPAUIClassInfo@2@XZ
?SetContentAlign@Element@DirectUI@@QAEJH@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?Add@Element@DirectUI@@QAEJPAV12@P6AHPBX1@Z@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
??0XProvider@DirectUI@@QAE@XZ
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?DestroyAll@Element@DirectUI@@QAEJ_N@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?Register@Element@DirectUI@@SGJXZ
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UAGHGH@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??0Element@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??1CritSecLock@DirectUI@@QAE@XZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetHostedElementID@XProvider@DirectUI@@UAGJPAG@Z
?ForceThemeChange@XProvider@DirectUI@@UAGJIJ@Z
?ClickDefaultButton@XProvider@DirectUI@@UAGHXZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UAEJPAVIXElementCP@2@PAUHWND__@@PAVElement@2@PAKPAPAUIXBaby@2@@Z
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
InitProcessPriv
InitThread
UnInitProcessPriv
UnInitThread
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
?GetStringNull@Value@DirectUI@@SGPAV12@XZ
?SetActive@Element@DirectUI@@QAEJH@Z
?GetUnset@Value@DirectUI@@SGPAV12@XZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
??1Element@DirectUI@@UAE@XZ
?GetAtomZero@Value@DirectUI@@SGPAV12@XZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?Release@Value@DirectUI@@QAEXXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetReadOnly@TouchEditBase@DirectUI@@QAEJ_N@Z
?Enter@TouchEditBase@DirectUI@@SG?AVUID@@XZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
?PasteText@TouchEdit2@DirectUI@@QAEJPBG@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z

propsys

PSPropertyBag_ReadType
PSPropertyBag_WriteUnknown
PSPropertyBag_ReadStr
InitVariantFromBuffer
PSPropertyBag_ReadInt

tsworkspace

ord2
ord1

windows.ui.immersive

ord101
ord100

shell32

SHBindToObject
ord25
ord18
ord155
SHParseDisplayName
ShellExecuteExW
ord152
SHGetIDListFromObject
SHCreateItemFromParsingName

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW

Exports

Exports

DUIRemoveSubscriptionDialogModal
DUISubscribeWizardModal
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d504df14d4ac6698be612375ddf0a1fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

ntdll

kernel32

advapi32

shlwapi

ole32

oleaut32

user32

dui70

propsys

tsworkspace

windows.ui.immersive

shell32

wininet

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 168KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 14KB - Virtual size: 14KB

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 169KB - Virtual size: 168KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 21KB - Virtual size: 20KB