eappgnui[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

eappgnui.dll
Size

100KB
MD5

4e32c419a8b3cc19fcd2cacdef1bd492
SHA1

0d8bc056ccc7acf517c9be6d953e6f362ad41559
SHA256

54552b87f2ceb506760c4a4251467e1430d661ccb0125c3e7b81a4335a6eb1f2
SHA512

213f8a110f5f1e75e26e8f125ab6a6655f0aa26c19c2c51b24af022185584aa65856e73d80e640fbbf9512f8c595616da4ff9689c0e1fd7d7af9ecaaa0bdddf9
SSDEEP

1536:kLMXBv4P8HfWDd7/7j8AUTRe/zInqsMzM3kqWWqyjPm1Kn:cYAZDd7f8xlCInqsMzqkqsyjPM4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eappgnui.dll

Files

eappgnui.dll
.dll regsvr32 windows:6 windows x64 arch:x64

a0ba67364302584870f7e3d2a9ac2e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eappgnui.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_initterm
_XcptFilter
__CxxFrameHandler3
__C_specific_handler
memset
??0exception@@QEAA@AEBQEBDH@Z
memmove
wcsrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
malloc
free
wcscpy_s
memcmp
_CxxThrowException
_amsg_exit
wcscat_s
memcpy

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventUnregister
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint
EtwEventWrite
EtwTraceMessage

kernel32

GetSystemTimeAsFileTime
DebugBreak
IsDebuggerPresent
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetSystemInfo
GetVersionExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetCurrentProcess
HeapAlloc
GetLastError
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
RaiseException
SetThreadLocale
GetThreadLocale
EnterCriticalSection
DeleteCriticalSection
LocalFree
LoadLibraryW
FormatMessageW
GetSystemDirectoryW
HeapFree
GetProcessHeap
HeapSize
GetModuleHandleExW

ole32

StringFromGUID2
CoCreateInstance

user32

GetWindowTextW
EndDialog
GetWindowLongPtrW
DialogBoxParamW
UnregisterClassA
GetDlgItem
SendMessageW
SetWindowTextW
SetWindowLongPtrW
EnableWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerInvokeIdentityUI

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0ba67364302584870f7e3d2a9ac2e07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 240B