apprepapi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

apprepapi.dll
Size

159KB
MD5

1f98236f5d803a97b95727aafbc1958d
SHA1

7585e4e16e55485143fce5ce40ef69ca0a5d1a69
SHA256

3c2b043516d5cbd8ee918773994efb695ecc2a644c7dd96904b222964dbf9f3b
SHA512

a3b1d61cc2efff832360e2116c9bdb501bc96a92e1bc0358c534560fb32f2026377878c415236945da06c9d0daf653864a425a95fd6e4963d17903361350e108
SSDEEP

1536:HIZw1PoddJg39brDO2QNrgFA/A3tkrm94bUfMLK4le4LtOmG748AOLaAjwoGwhN:0w1ob69VGgFAId4bUf+YU0mG7xdMoNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
apprepapi.dll

Files

apprepapi.dll
.dll windows:6 windows x64 arch:x64

68b7c92b68568829530408e104c42f6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apprepapi.pdb

Imports

msvcrt

memcmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memset
free
wprintf
_free_locale
_wcsupr_s
_vsnwprintf_l
localeconv
_create_locale
_wtof
time
wcscspn
wcsspn
srand
rand
_wcslwr_s
_ultow_s
_wtoi
wcscpy_s
vswprintf_s
_vscwprintf
iswspace
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
wcsrchr
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToAverageDWORD
WinSqmIncrementDWORD
RtlNtStatusToDosErrorNoTeb
RtlRunOnceExecuteOnce
NtQueryInformationFile
EtwTraceMessage
NtQueryValueKey
NtOpenKey
RtlPrefixUnicodeString
NtQueryVolumeInformationFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtClose
NtOpenFile
RtlEqualUnicodeString
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
RtlInitUnicodeString
NtWaitForSingleObject
RtlAllocateHeap
RtlFreeHeap
NtReadFile

advapi32

EventRegister
EventUnregister
RegCloseKey
RegSetValueExW
EventWrite
OpenProcessToken
GetTokenInformation
RegDeleteKeyExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CryptMsgGetParam
CryptFindOIDInfo
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPLoad
CertGetNameStringW

kernel32

RaiseException
DebugBreak
CreateDirectoryW
GetTempFileNameW
ReleaseMutex
OpenMutexW
WaitForSingleObject
CreateMutexW
GetVersionExW
GetCurrentProcess
GetUserDefaultLocaleName
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
LockResource
InitOnceExecuteOnce
HeapDestroy
GetTickCount
LoadResource
FindResourceExW
GetFinalPathNameByHandleW
ResolveDelayLoadedAPI
DelayLoadFailureHook
LeaveCriticalSection
GetLastError
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
HeapSize
GetProcessHeap
Sleep
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetFileSizeEx
SizeofResource

ole32

StringFromGUID2
CoCreateGuid
IIDFromString

user32

UnregisterClassA

wininet

InternetCloseHandle
InternetCrackUrlW
HttpOpenRequestW
HttpEndRequestW
InternetOpenW
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
InternetSetOptionW

rpcrt4

UuidCreate

profapi

ord104

tbs

GetDeviceIDString

Exports

Exports

AppRepComputeImageHash
AppRepComputeSignatureInfo
AppRepFreeAttributeLib
AppRepInitializeAttributeLib
AppRepParameterCleanup
RepGetFileInformation
RepGetFileReputation
RepInformUserAction

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68b7c92b68568829530408e104c42f6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

crypt32

kernel32

ole32

user32

wininet

rpcrt4

profapi

tbs

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 288B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 360B

.text
Size: 140KB - Virtual size: 140KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 288B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 360B