LocationApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

LocationApi.dll
Size

316KB
MD5

f430d2f66f3dda5d2b6c2237cd108f6b
SHA1

182c3c3274e27df8460382c9ad976fddcdac9eba
SHA256

9d46876674ce30008d6211863d87ab13acefadbf9dfbb11d6c7766511ca1e006
SHA512

19d1da9e38a1d1c51752dbbccc88236d2259e3b48cd22a9b82347edc5508efb04641eef50c825d65226d076217e479daae1c5f511a432ee4847e1c56887dded4
SSDEEP

3072:nlvJsTf+WYRAAA8llqq/cgRRiOTOCgVXhSjBhAR+acAoWq41EPKVDgWGUZ/3vm7P:lxaf+SFUTa/WUxgnkKFHeuu4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LocationApi.dll

Files

LocationApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

584d8629d42b5ca87a621edbb04d8bc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

LocationApi.pdb

Imports

msvcp110_win

?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z

msvcrt

_wcsicmp
_wmakepath_s
_wsplitpath_s
memmove
memcpy
memcmp
_ftol2
_CxxThrowException
_CIsqrt
??3@YAXPAX@Z
__CxxFrameHandler3
_resetstkoflw
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
calloc
_vsnwprintf
??_V@YAXPAX@Z
memset

oleaut32

LPSAFEARRAY_UserSize
LoadRegTypeLi
BSTR_UserFree
UnRegisterTypeLi
LPSAFEARRAY_UserFree
BSTR_UserSize
LPSAFEARRAY_UserUnmarshal
SysFreeString
RegisterTypeLi
SysStringLen
BSTR_UserUnmarshal
VariantInit
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
BSTR_UserMarshal
SysAllocString
LPSAFEARRAY_UserMarshal

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
NdrOleAllocate
NdrDllCanUnloadNow
NdrOleFree
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient13
NdrProxyForwardingFunction6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient3
ObjectStublessClient15
CStdStubBuffer2_Disconnect

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW

api-ms-win-core-localization-l1-2-0

GetUserGeoID
SetThreadLocale
FormatMessageW
EnumSystemGeoID
GetGeoInfoW
GetThreadLocale

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetKeySecurity

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
DeleteCriticalSection
SetEvent
CreateEventW
EnterCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenEventW
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
CreateMutexW
InitializeSRWLock
LeaveCriticalSection
CreateMutexExW
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-com-l1-1-0

CoCreateInstance
PropVariantClear
StringFromGUID2
CoTaskMemFree
PropVariantCopy
CoTaskMemAlloc
CLSIDFromString
CoSetProxyBlanket

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventProviderEnabled
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolWork
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
IsThreadpoolTimerSet
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpool

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime

ntdll

RtlGUIDFromString
RtlInitUnicodeString
NtCreateCrossVmEvent
WinSqmAddToStream
toupper
WinSqmIsOptedIn
WinSqmAddToStreamEx
WinSqmAddToAverageDWORD
WinSqmIncrementDWORD

api-ms-win-core-marshal-l1-1-0

HWND_UserSize
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal

user32

UnregisterClassW
DefWindowProcW
TranslateMessage
DestroyWindow
GetMessageW
CreateWindowExW
SetWindowLongW
RegisterClassExW
PostThreadMessageW
IsWindow
EnumWindows
PostMessageW
GetWindowLongW
GetClassNameW
RegisterWindowMessageW
DispatchMessageW
UnregisterClassA

propsys

PropVariantToDouble
PropVariantToBSTR
PropVariantToString
InitPropVariantFromCLSID
InitPropVariantFromFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
AddAce
InitializeAcl
AddAccessAllowedAceEx
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetLengthSid
CopySid
InitializeSecurityDescriptor
GetAce
GetSecurityDescriptorDacl
GetAclInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

584d8629d42b5ca87a621edbb04d8bc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

oleaut32

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-core-marshal-l1-1-0

user32

propsys

api-ms-win-core-apiquery-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 231KB

.data Size: 1KB - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 53KB - Virtual size: 53KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 231KB - Virtual size: 231KB

.data
Size: 1KB - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 53KB - Virtual size: 53KB

.reloc
Size: 18KB - Virtual size: 18KB