AppIdPolicyEngineApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppIdPolicyEngineApi.dll
Size

295KB
MD5

b90a7158f5009e44ed9947ac8b812af4
SHA1

5826ba8d0d3e486e316631cac7d39be73953accb
SHA256

0b031fc0b0c052d9d8e9706359a8830c1f6cae07539424a6030056ea34822d23
SHA512

e0b6819017dbd0d057286d86decd1d31995db59633416912d2fce9cae83719df57a9198a71a0b94662c6c21279d141ade1fca599fa7e3bbfa97c27f04a9037a2
SSDEEP

3072:cdvlFPw/FGIG2O5+zibMnWIHXEmvnGANwI3QuaUZwbh2uR3JUt7ktuYgL+/:AlFyq2c+zOMWcbnGANwoQ72unUt7ktV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppIdPolicyEngineApi.dll

Files

AppIdPolicyEngineApi.dll
.dll windows:6 windows x64 arch:x64

b02144740ed5d327d6c1fb34db9f7493

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppIdPolicyEngineApi.pdb

Imports

msvcrt

wcsncpy_s
memcmp
__RTDynamicCast
__C_specific_handler
memmove_s
memset
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_onexit
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_ui64tow_s
__CxxFrameHandler3
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_lock
_unlock
wcstol
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_purecall
memcpy_s
free
malloc
_wtoi
_wtof
tolower
towupper
_vsnwprintf_s
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

user32

CharNextW
UnregisterClassA

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
SetLastError
CloseHandle
CreateFileW
GetSystemWindowsDirectoryW
LocalFree
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RegDeleteTreeW
UnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
RegQueryValueExW

advapi32

SetSecurityDescriptorSacl
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegCreateKeyW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAce

rpcrt4

UuidCompare
UuidCreate
RpcStringFreeW
UuidToStringW
UuidFromStringW

authz

AuthzFreeContext
AuthzInitializeResourceManager
AuthzInitializeContextFromSid
AuthziModifySecurityAttributes
AuthziAccessCheckEx
AuthzFreeResourceManager

appidapi

AppIDEncodeAttributeString
AppIDDecodeAttributeString
AppIDConstructAppxAttributes
AppIDGetAppxFileAttributes
AppIDGetFileAttributes
AppIDReleaseAppxFileAttributes
AppIDReleaseFileAttributes
AppIDFreeAttributeString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-path-l1-1-0

PathCchAppend

shlwapi

SHCreateStreamOnFileEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b02144740ed5d327d6c1fb34db9f7493

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

user32

kernel32

advapi32

rpcrt4

authz

appidapi

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-path-l1-1-0

shlwapi

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 261KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 10KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 176B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 261KB - Virtual size: 261KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 10KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 176B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB