api-ms-win-downlevel-kernel32-l1-1-0.pdb
Static task
static1
Behavioral task
behavioral1
Sample
api-ms-win-downlevel-kernel32-l1-1-0.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
api-ms-win-downlevel-kernel32-l1-1-0.dll
Resource
win10v2004-20240426-en
General
Target: api-ms-win-downlevel-kernel32-l1-1-0.dll
Size: 20KB
MD5: 53b3e0a84be27f657c98fe8b4b6a88a1
SHA1: ceb831b4a6599f3cb6ae6b0ffcf2bd316b804a56
SHA256: b9b0e3ee61bf33e220c9b3a0336015df6c18c90a388965f5b71c28a902d95afe
SHA512: d47c9a1ef487e931a933219db4c4145e4f3d1331c50e0da08d9bd23e024ebe7d336cb83ce521b4e9588dbb594c89d28409cf2907aae5d159f54d1b06064dad8f
SSDEEP: 384:MhR+9UgyifKAX/YvkYUCALdNtpMon8oOyUStfxd3TSftYxyN3gG1RVtCp5OjRgpW:FFyifhYvoXLdTpMo8C6YoRVm5MRkBVZH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource api-ms-win-downlevel-kernel32-l1-1-0.dll
Files
api-ms-win-downlevel-kernel32-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Exports
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ