LogonController[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

LogonController.dll
Size

514KB
MD5

de3bf6b90458e04974a6ebf362ecff25
SHA1

075877e606eb64b6ad6b1bce4ff067fab2f41298
SHA256

2fc1dffb9b38edbb564e6d9017e929bf3abf2a65699d5334430386458fd6f6db
SHA512

5913a004379443e4c93f1774337e077e9e4e2604a8dbb2c6f8cd7f09f1a73fc7f65e676970f296a03d7ce9dbfd99ef257d0c63d25ca39ec2def045589c6bbc72
SSDEEP

6144:qPgGPBiZHNbEn5D2gzlqPlmKT9tK9YHgyko+Qpib9JbENzqs2:q4GPWY5NzlqlnK9IgBo+fRJbwF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LogonController.dll

Files

LogonController.dll
.dll windows:10 windows x86 arch:x86

6ec2eed2214e2ac67acf83944f4c17c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

logoncontroller.pdb

Imports

msvcrt

_get_errno
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_set_errno
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
_vsnprintf_s
wcschr
memmove_s
_wtoi
wcstoul
_callnewh
memmove
_vsnwprintf
_wcsicmp
_CxxThrowException
__CxxFrameHandler3
_ftol2_sse
realloc
memcmp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memcpy_s
memcpy
memset

shcore

SHCreateThread
SHGetThreadRef
SHCreateThreadRef
SHSetThreadRef
CreateRandomAccessStreamOverStream
SHCreateMemStream
SHCreateThreadWithHandle
IsOS
SHDeleteValueW
ord190

shlwapi

ord197
PathFileExistsW

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetSystemPreferredUILanguages

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetExitCodeProcess
OpenProcess
OpenProcessToken
TlsSetValue
CreateProcessW
TlsAlloc
GetCurrentProcess
GetCurrentThreadId
TlsGetValue
TlsFree
GetCurrentProcessId
CreateThread

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
GetModuleFileNameA
LockResource
GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource
FindResourceExW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
CheckRemoteDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-0

WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockShared
CreateSemaphoreExW
CreateMutexExW
Sleep
AcquireSRWLockShared
SetEvent
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeSRWLock
InitOnceExecuteOnce
CreateEventW
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSection
OpenEventW

api-ms-win-core-heap-l1-2-0

HeapSize
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-1

GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
RoOriginateError
IsErrorPropagationEnabled
RoOriginateErrorW
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringLen
WindowsIsStringEmpty
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
GetProductInfo
GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
CoMarshalInterface
CreateStreamOnHGlobal
CoDecrementMTAUsage
CoIncrementMTAUsage
CoGetMalloc
CoCancelCall
CoTaskMemAlloc
CoEnableCallCancellation
CoDisableCallCancellation
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
PropVariantClear
CoCreateInstance
CoGetApartmentType
RoGetAgileReference
CoReleaseMarshalData
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoTaskMemFree

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-security-base-l1-2-0

IsWellKnownSid
CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenCurrentUser
RegCloseKey
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-2-1

FindNextFileW
DeleteFileW
CreateFileW
FindFirstFileExW
FindClose

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-file-l2-1-2

CopyFileW

userenv

GetProfilesDirectoryW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-memory-l1-1-2

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-kernel32-legacy-l1-1-1

UnregisterWait
RegisterWaitForSingleObject
GetComputerNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaStorePrivateData
LsaRetrievePrivateData
LsaQueryInformationPolicy
LsaOpenPolicy
LsaFreeMemory

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-rtcore-ntuser-window-l1-1-0

PostThreadMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
SendNotifyMessageW
GetWindowThreadProcessId
GetClassInfoW
DefWindowProcW
RegisterClassW
CreateWindowExW
SetWindowLongW
DestroyWindow
UnregisterClassW
GetWindowLongW
PostMessageW
FindWindowW
PeekMessageW

ntdll

NtQueryValueKey
RtlGetSuiteMask
RtlRunOnceExecuteOnce
RtlGetNtProductType
NtOpenKey
RtlUnsubscribeWnfStateChangeNotification
NtOpenProcess
NtQueryInformationToken
NtClose
NtOpenProcessToken
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlInitUnicodeString
RtlNtStatusToDosError
NtSetInformationProcess
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitString
NtPowerInformation
RtlPublishWnfStateData
NtQuerySystemInformation
NtQueryWnfStateData

slc

SLGetWindowsInformationDWORD

user32

ActivateKeyboardLayout
UnloadKeyboardLayout
CloseDesktop
UnregisterPowerSettingNotification
GetRawInputDeviceList
RegisterPowerSettingNotification
LoadKeyboardLayoutW
RegisterBSDRWindow
LoadCursorW
ShowCursor
GetDC
ReleaseDC
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
CopyRect
SetSysColors

cfgmgr32

DevGetObjects
DevFreeObjects

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW

rpcrt4

RpcBindingVectorFree
RpcEpUnregister
RpcServerListen
RpcEpRegisterW
UuidFromStringW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerUnregisterIf
I_RpcBindingIsClientLocal
RpcBindingInqAuthClientW
NdrServerCall2
I_RpcBindingInqLocalClientPID

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-registry-l2-2-0

RegDeleteKeyW

api-ms-win-core-misc-l1-1-0

lstrlenW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ec2eed2214e2ac67acf83944f4c17c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shcore

shlwapi

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

userenv

api-ms-win-power-setting-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-lsapolicy-l1-1-0

api-ms-win-mm-playsound-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

ntdll

slc

user32

cfgmgr32

api-ms-win-eventing-classicprovider-l1-1-0

rpcrt4

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-registry-l2-2-0

api-ms-win-core-misc-l1-1-0

Exports

Exports

Sections

.text Size: 473KB - Virtual size: 473KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 436B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 473KB - Virtual size: 473KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 436B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 23KB