EventAggregation[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

EventAggregation.dll
Size

27KB
MD5

cbc993e7d52bd25b1ef29c51d372fd97
SHA1

d4cd60654e8a21cd286a8730e8971d8aa9c9486a
SHA256

5ddf57e7e9ac23c2094dca55f08d47f653ff84e99660411df99db951f1c820fc
SHA512

6841ed2e04d857370bdf8c857d440c51110dd80564e54507e5a36804d2bc87225a641e35b1b579cc6a5ec2941ab8c29534967801f2144d61f1d43711d15ccf91
SSDEEP

384:POh1p9TcQb9JOLwPDr8Oj/V1Xs7qOukoakABGMQaFgmTHtqkd+RIAmickbB0pLMX:sDJV7YOjdVOuBIvgq+fmFkbBiYAPT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EventAggregation.dll

Files

EventAggregation.dll
.dll windows:6 windows x64 arch:x64

d8d6f81b7811c20c5d605f39d6af29c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EventAggregation.pdb

Imports

msvcrt

__CxxFrameHandler3
??1exception@@UEAA@XZ
_initterm
free
_XcptFilter
memcpy
??1type_info@@UEAA@XZ
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_onexit
__dllonexit
_unlock
_lock
_amsg_exit
malloc
__C_specific_handler
_CxxThrowException
??0exception@@QEAA@XZ
??_V@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSubscribeWnfStateChangeNotification
RtlAllocateWnfSerializationGroup
NtQueryWnfStateData
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

EACreateAggregateEvent
EADeleteAggregateEvent
EAEnumerateAggregateEvents
EAQueryAggregateEventData

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8d6f81b7811c20c5d605f39d6af29c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 100B

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 100B