AppxAllUserStore[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppxAllUserStore.dll
Size

163KB
MD5

a12e33f36d82011b80f0078e0a2491e3
SHA1

8d585df548d43a61f847d9f6988f522cfd6a1bc9
SHA256

6fccac03041466674ce21420108c81bb4ecfa6bf410e4c271ff776b00abddd8a
SHA512

f2bda8e9ca7a2f3eef4629bd6f42fe80d287de576d2464aa82d8427f81634ed89fc828e398765a1cb4fc91748995dafd383e4400356652b0e709660a34db69a2
SSDEEP

3072:cbtlj6Q8L07qSMh+fJq7K8AOfwxt7u3o5UigoUp9YEXn5qj9w2v+srJG8QBWss5X:su+fJq7it7uY2doUp9YEXn5T2v3G8QBu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppxAllUserStore.dll

Files

AppxAllUserStore.dll
.dll windows:6 windows x64 arch:x64

8a69bb632605132b95608663ef2dbba6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxAllUserStore.pdb

Imports

msvcrt

_initterm
__C_specific_handler
_lock
_wcsicmp
__dllonexit
malloc
_onexit
free
memset
_amsg_exit
memcpy
memcmp
_vsnwprintf_s
wcsstr
_XcptFilter
wcschr
_unlock
memmove
_wcsnicmp
wcscmp

ntdll

RtlFreeUnicodeString
RtlValidSid
RtlAllocateAndInitializeSid
RtlDowncaseUnicodeString
RtlInitUnicodeString
RtlDeleteCriticalSection
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeSid

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite
EventActivityIdControl

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegGetValueW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
RevertToSelf
ImpersonateLoggedOnUser
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
GetLengthSid

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-file-l1-1-0

CreateFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-processsecurity-l1-1-0

OpenProcessToken
OpenThreadToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocString
SysStringLen

Exports

Exports

AddPackageToRegistryStore
AddStagedPackageToRegistryStore
CheckPackagePreinstallPolicy
CommitTakeOwnershipSession
DeleteAllPackagesFromMainPackageArray
DeleteAllPackagesFromPackageArray
DeletePackageInfo
DeleteUserRegistryKeyFromAllUserStore
DidAppSurviveOSUpgradeForUser
DoesPerUserStoreExist
FamilyMonikerStringToSid
FindExistingVersionInRegistryStore
GetAllNonInboxPackagesFromRegistryStore
GetAllPackagesToBeInstalledForUser
GetAllStagedPackagesForMainPackageFromRegistryStore
GetAppxProvisionFactory
HasStagedPackages
IsEnterprisePolicyEnabled
IsInboxPackage
IsNonInboxAllUserPackage
IsPackageInUpgradeKey
IsSystemInAuditBoot
MarkStatusOfMainPackageForUser
PackageFamilyNameFromId
PackageIdBasicFromFullName
PackageSidToPackageCapabilitySid
RemovePackageFromRegistryStore
RemoveStagedPackageFromRegistryStore
RollbackTakeOwnershipSession
TakeOwnershipOnFolder
UpdateFrameworkPackageInRegistryStore
UpdatePackageInRegistryStore

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a69bb632605132b95608663ef2dbba6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processsecurity-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

oleaut32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 392B

.text
Size: 148KB - Virtual size: 148KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 392B