CSystemEventsBrokerClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CSystemEventsBrokerClient.dll
Size

20KB
MD5

7b775d7dbb208eda6e62c78c3acd238a
SHA1

f98330c6a8ba8ca5dd317eb91e73def9f32c1f32
SHA256

4008cf1b7896d8e84d1a93bb13ac3b15eb0ed927cb282304e45b3b170fb13e5c
SHA512

646a68e7546ad4f898e92aca4cf87179176c65b76b8d7b949eeb1a91d4d545e686baf925d7b33b1f0b9204e508327a9fd5c9af79c1fd90310f62dad028c3b170
SSDEEP

384:TkhDlC80kVubPC1X5jFngmFMqTA6AMMtZEWpSW:TkJ88WzC1BT17iZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CSystemEventsBrokerClient.dll

Files

CSystemEventsBrokerClient.dll
.dll windows:6 windows x64 arch:x64

237e9212d190c403f0acda19bc176513

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CSystemEventsBrokerClient.pdb

Imports

msvcrt

_lock
_unlock
__C_specific_handler
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler3
memset
??3@YAXPEAX@Z

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlReleaseSRWLockShared
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
NtDeleteWnfStateName
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupFunctionEntry

rpcrt4

RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

CSebCreatePrivateEvent
CSebCreateWellKnownEvent
CSebDeleteEvent
CSebEnumerateEvents
CSebQueryEventData

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

237e9212d190c403f0acda19bc176513

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

api-ms-win-core-heap-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 152B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 152B