aelupsvc[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

aelupsvc.dll
Size

209KB
MD5

bcd58dacaa1eaaadc115edd940478f6d
SHA1

828cf07e98acb780ed98ee12872bb4738a4bd90c
SHA256

f31613f583c302f62a00e6766b031531c9e193caed563689b178ba257715b992
SHA512

5a78ae4ac8772a04b3fdb7c8d778c873e22795b6a15435df424e1fcee107cc4cf1943db3d55784812be09381f3e61033a57690deb6b695a67344d73b70ca5ea6
SSDEEP

3072:QORLNs3BSQQ0EKoioHK1swFj9M2eqpl1hciEAIAx+E1frlNitBXJ1Yn:fLrxKgK1sKMkpl1hcAOElrlNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aelupsvc.dll

Files

aelupsvc.dll
.dll windows:6 windows x64 arch:x64

d86e5bf846daeb1469281aa534b6089e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aelupsvc.pdb

Imports

msvcrt

strncmp
wcspbrk
_vsnprintf
wcsspn
wcscat_s
qsort
strspn
strpbrk
wcsstr
isdigit
toupper
__C_specific_handler
memcmp
memcpy
_wcsicmp
wcschr
_itow_s
_wsplitpath_s
wcscpy_s
swscanf_s
memset
strchr
_wcsupr_s
_vsnwprintf
wcsrchr
memmove
_wcsnicmp

ntdll

EtwTraceMessage
RtlValidateHeap
RtlSizeHeap
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlCheckTokenMembership
NtQueryValueKey
NtOpenKey
NtOpenFile
NtQueryInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteCriticalSection
EtwEventUnregister
EtwEventRegister
RtlInitializeCriticalSectionAndSpinCount
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtWaitForSingleObject
NtCreateEvent
RtlExitUserThread
NtSetEvent
NtAlpcCancelMessage
AlpcInitializeMessageAttribute
NtAlpcAcceptConnectPort
NtResumeThread
RtlCreateUserThread
NtAlpcOpenSenderProcess
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
NtApphelpCacheControl
NtAlpcSendWaitReceivePort
NtAlpcCreatePort
RtlInitUnicodeStringEx
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlLengthSid
RtlAllocateAndInitializeSid
EtwEventWrite
NtClose
RtlGetVersion
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlInitUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
DbgPrintEx
RtlFormatCurrentUserKeyPath
RtlDowncaseUnicodeString
NlsMbCodePageTag
NtQueryKey
NtEnumerateValueKey
RtlExpandEnvironmentStrings_U
RtlAnsiStringToUnicodeString
NtMapViewOfSection
RtlInitAnsiString
RtlInitString
NtQueryInformationProcess
NtQueryDirectoryFile
NtUnmapViewOfSection
RtlQueryEnvironmentVariable_U
RtlxAnsiStringToUnicodeSize
NtCreateFile
RtlGetNativeSystemInformation
RtlUnicodeStringToInteger
RtlDoesFileExists_U
RtlGetFullPathName_U
NtCreateSection
RtlDosPathNameToNtPathName_U
LdrResFindResource
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
RtlGUIDFromString
AlpcGetMessageAttribute
RtlFreeHeap
RtlAllocateHeap

api-ms-win-service-core-l1-1-1

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

CreateFileW
GetFinalPathNameByHandleW
GetFileAttributesW
GetDriveTypeW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetProcessId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolWork
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegGetValueW

apphelp

ord2
ord1
ord17
ApphelpCheckRunAppEx
ApphelpDebugPrintf

kernel32

ReadFile
DisableThreadLibraryCalls
GetFileSize
CreateFileMappingW
ExpandEnvironmentStringsW
GetFileTime
VirtualQuery
GetFileSizeEx
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetVolumePathNameW
GetSystemWindowsDirectoryW
LocalFree
MoveFileExW
DeleteFileW
GetFileAttributesExW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetBinaryTypeW
IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetLongPathNameW
OutputDebugStringW
GetEnvironmentVariableW
FindNextFileW
FindClose
UnregisterWaitEx
SetFilePointerEx
SetErrorMode
SetFilePointer
FindFirstFileW
ReleaseActCtx
QueryActCtxW
CreateActCtxW
GetProcAddress
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d86e5bf846daeb1469281aa534b6089e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-core-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

apphelp

kernel32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-version-l1-1-0

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 180KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 9KB - Virtual size: 8KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 168B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 181KB - Virtual size: 180KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 9KB - Virtual size: 8KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 168B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 684B