AppXDeploymentClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppXDeploymentClient.dll
Size

263KB
MD5

245c60d17184d617c06f3eeb746ba782
SHA1

e6f0fda72edecac863f680e9d37b7e17d92e3206
SHA256

148dfdef4ea5b2a5def5d1cc09d1504a0adf3e1cc6affcdc36da7bda7bbb3af2
SHA512

6e50007c841d02c7a8f700a786b9d105016ce9cec1be2213295ba17b15f98cc0f0723fac3c5803bb67ab66e02035b85166654b3231bdb0faaed5b81806f27029
SSDEEP

6144:XquRNIBmnB9B+SQvuYd321ExyrHb8JUDLW20pyHIjkePw:PQWYdUSyjb8JUe20RBP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppXDeploymentClient.dll

Files

AppXDeploymentClient.dll
.dll windows:6 windows x64 arch:x64

ae1e85f0a02078d6168625d9662203a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppXDeploymentClient.pdb

Imports

api-ms-win-core-crt-l1-1-0

memset
__C_specific_handler
memmove
memcmp
memcpy
wcsrchr
memmove_s

api-ms-win-core-crt-l2-1-0

_onexit
_purecall
_initterm_e
_initterm
__dllonexit3

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlReleaseSRWLockShared
RtlUnsubscribeWnfStateChangeNotification
RtlAcquireSRWLockShared
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlAllocateWnfSerializationGroup
NtOpenFile
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryInformationFile
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlNtStatusToDosError
RtlGetLastWin32Error
NtQuerySystemInformation
RtlReportException
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
EtwEventRegister
EtwEventWrite
NtQueryInformationThread
EtwEventUnregister
NtCreateSection
NtClose
RtlNtStatusToDosErrorNoTeb
NtMapViewOfSection
NtUnmapViewOfSection
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeSRWLock

rpcrt4

RpcBindingCreateW
RpcBindingBind
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
I_RpcExceptionFilter
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
NdrStubCall3
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
NdrClientCall3
Ndr64AsyncClientCall
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
RpcBindingUnbind
RpcBindingFree

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoGetApartmentType
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-1

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoSetErrorReportingFlags
RoReportFailedDelegate
IsErrorPropagationEnabled
RoTransformError
RoOriginateErrorW
RoOriginateError
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSection
InitOnceExecuteOnce
ReleaseSRWLockShared
CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock
SleepEx
AcquireSRWLockShared
CreateEventExW
AcquireSRWLockExclusive

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventActivityIdControl
EventRegister

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LoadStringW
GetProcAddress
LoadLibraryExA

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-file-l1-2-1

FindClose
SetFileAttributesW
RemoveDirectoryW
CreateFileW
FindFirstFileW
GetFileAttributesW
FindNextFileW
DeleteFileW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceStatusEx

api-ms-win-security-base-l1-2-0

CopySid
GetTokenInformation
InitializeSecurityDescriptor
AddAccessAllowedAceEx
ImpersonateLoggedOnUser
GetLengthSid
InitializeAcl
RevertToSelf
SetSecurityDescriptorDacl

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

combase

ord34
ord8
ord18
ord2
ord9
ord5
ord20
ord15
ord10
ord32
ord17
ord6
ord14
ord7
ord16
ord11
ord33
ord13
ord12
ord19

api-ms-win-core-debug-l1-1-1

DebugBreak

api-ms-win-core-memory-l1-1-2

VirtualProtect
VirtualQuery

Exports

Exports

AppxAddPackageToAllUserStoreForPbr
AppxDeletePackageFiles
AppxGetPackageType
AppxPackageRepositoryRecoverStagedPackages
AppxPackageRepositoryRecoverUserInstalls
AppxPreRegisterPackage
AppxPreStageCleanupRunTask
AppxRecoverUserInstallsForUpgrade
AppxRequestRemovePackageForUser
AppxValidatePackages
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetApplicability
GetPackageApplicabilityForUserLogon
IsPackageInstalled
RDSRecoverRequests
ReArmAppxPreStageCleanupTask

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae1e85f0a02078d6168625d9662203a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

rpcrt4

api-ms-win-core-heap-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

combase

api-ms-win-core-debug-l1-1-1

api-ms-win-core-memory-l1-1-2

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 222KB

.orpc Size: 512B - Virtual size: 284B

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 10KB - Virtual size: 10KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 288B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 222KB - Virtual size: 222KB

.orpc
Size: 512B - Virtual size: 284B

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 10KB - Virtual size: 10KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 288B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 4KB