ConfigureExpandedStorage[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ConfigureExpandedStorage.dll
Size

66KB
MD5

b07a1655eebb5dbb4036579d42581e81
SHA1

70dbd8cc63c7d6e17d70464e56149d827a33e51c
SHA256

ff2b7dc0666d228679cd095a994fbaeca4bae042b5bd25dbfb6910a146b041bc
SHA512

aeb785f558311a1265d6a5560d9b5d7e5db758b63ed5ee5b3cfc221be03c0b38b2eba5659db060af3b52a79f0431a48cd261d8845c4f7acec9c95927e15388cb
SSDEEP

768:m/SQ/NvNyZRE+gV1vrYYRb6eaAwx34aCTl49HNOFx0pgZmM1HbqB/RZv+Vsb1gdS:pQ/DrrAei46tSd3bkeU+lBPT8QuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ConfigureExpandedStorage.dll

Files

ConfigureExpandedStorage.dll
.dll windows:6 windows x64 arch:x64

12e8b8a27f1de54bb7a79829e0250e9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ConfigureExpandedStorage.pdb

Imports

msvcrt

_vsnwprintf
memset
_purecall
??3@YAXPEAX@Z
_set_errno
_get_errno
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
??2@YAPEAX_K@Z
__CxxFrameHandler3

kernel32

CloseThreadpoolTimer
TlsGetValue
FreeLibrary
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateDirectoryW
GetModuleHandleExW
WaitForSingleObject
SetEvent
ReleaseSRWLockExclusive
GetTickCount
AcquireSRWLockExclusive
TlsSetValue
OpenProcess
Sleep
InitOnceExecuteOnce
RaiseException
FreeLibraryAndExitThread
GetLastError
CreateSemaphoreW
FreeLibraryWhenCallbackReturns
CreateEventExW
CreateThreadpoolTimer
CallbackMayRunLong
OpenSemaphoreW
TlsAlloc
TrySubmitThreadpoolCallback
CloseHandle
GetCurrentProcessId
TlsFree
CreateThread
EncodePointer
GetProcessHeap
ReleaseSRWLockShared
DecodePointer
AcquireSRWLockShared
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSemaphore
GetCurrentThreadId

ole32

CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
CoReleaseMarshalData
RoGetAgileReference
CoWaitForMultipleHandles
CoCopyProxy
CoGetMalloc
CoGetApartmentType
CoTaskMemAlloc
CoInitializeEx
CoMarshalInterface
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

shell32

SHCreateItemFromParsingName
SHGetKnownFolderItem
ord850

secur32

GetUserNameExW

api-ms-win-core-path-l1-1-0

PathAllocCombine

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoTransformError
IsErrorPropagationEnabled
RoOriginateErrorW
SetRestrictedErrorInfo
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
GetRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-heap-l1-2-0

HeapFree

shlwapi

SHGetThreadRef
PathFileExistsW
SHSetThreadRef
SHCreateThreadRef

user32

TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PostThreadMessageW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12e8b8a27f1de54bb7a79829e0250e9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

shell32

secur32

api-ms-win-core-path-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l1-2-0

shlwapi

user32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1016B