ActionCenter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ActionCenter.dll
Size

874KB
MD5

ba7cc36be0c05e55da584f40da948e2a
SHA1

c64eb30f895885adeb265a6266bfcc3a9674a62e
SHA256

055d71308e2078d627963f81d8a85a508bb77bb29862a1d9ec7ab534f1732aa5
SHA512

de7055c6c0eda398f1709d4e6bd0b0607a708d54f486a5b1b390d5780c38289bb2e49f7dec3ca88dc6023013d5c725cbcbfbb7c3ef8fd184311a8aa0fb497851
SSDEEP

12288:klV4d971A1JoKG+UWaqq2GokUuMx0GM78fFCZW7SG7cD3p:GVu710UjFoj0V7wFCZW+6E3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActionCenter.dll

Files

ActionCenter.dll
.dll windows:6 windows x64 arch:x64

e7b25b9b7555297b5c2c613c4c10a6ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActionCenter.pdb

Imports

msvcrt

memcpy
isdigit
_purecall
memcmp
_vsnwprintf
strchr
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memset
wcscmp

kernel32

HeapFree
GetCurrentThread
DisableThreadLibraryCalls
FreeLibrary
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
AcquireSRWLockShared
ReleaseSRWLockShared
CompareStringOrdinal
SetLastError
DeactivateActCtx
LoadLibraryW
CloseHandle
ExpandEnvironmentStringsW
LocalAlloc
LocalFree
GetUserDefaultUILanguage
GetLocaleInfoW
GetModuleHandleW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FormatMessageW
HeapAlloc
GetProcessHeap
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

shlwapi

ord278
ord219
SHRegGetValueW
ord635
ord631
StrStrW
PathParseIconLocationW
StrChrW
ord158

advapi32

EventWrite
OpenThreadToken
RegCloseKey
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
EventUnregister
EventRegister

user32

PostQuitMessage
SendMessageW
PostMessageW
GetWindowLongPtrW
DefWindowProcW
KillTimer
SetPropW
NotifyWinEvent
RemovePropW
AdjustWindowRectEx
GetWindowRect
InflateRect
CalculatePopupWindowPosition
SetWindowPos
DestroyWindow
FindWindowW
RegisterClassExW
GetMessageW
SendNotifyMessageW
IsWindowVisible
GetAncestor
SetWindowLongPtrW
DispatchMessageW
LoadCursorW
TranslateMessage
GetDoubleClickTime
GetProcessDefaultLayout
SetTimer
ShowWindow
DestroyIcon
LoadMenuW
GetSubMenu
LoadStringW
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
PtInRect
GetCursorPos

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream
WinSqmAddToStreamEx

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate

ole32

HWND_UserUnmarshal64
HWND_UserFree64
ObjectStublessClient10
ObjectStublessClient3
ObjectStublessClient5
ObjectStublessClient9
StringFromGUID2
CoCreateInstance
ObjectStublessClient13
ObjectStublessClient11
ObjectStublessClient7
HWND_UserMarshal
ObjectStublessClient8
HWND_UserUnmarshal
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
HWND_UserMarshal64
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
HWND_UserSize
HWND_UserSize64
ObjectStublessClient6
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoGetMalloc
CoTaskMemFree
HWND_UserFree

oleaut32

SysAllocString

shell32

ShellExecuteExW
SHQueryUserNotificationState
ord100
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord723

dui70

?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?SetAccState@Element@DirectUI@@QEAAJH@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetParentSizeControl@HWNDElement@DirectUI@@QEAAX_N@Z
?SetWrapKeyboardNavigate@HWNDElement@DirectUI@@QEAAJ_N@Z
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?Release@Value@DirectUI@@QEAAXXZ
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?ShowFocus@HWNDElement@DirectUI@@QEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?GetID@Element@DirectUI@@QEAAGXZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetActive@Element@DirectUI@@QEAAHXZ
?GetLayoutPos@Element@DirectUI@@QEAAHXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
UnInitThread
InitThread
GetElementDataEntry
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?KeyboardNavigate@Element@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?SetDataEngine@Repeater@DirectUI@@QEAAXPEAUIDataEngine@2@@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
InitProcessPriv
UnInitProcessPriv
?GetClassInfoPtr@Macro@DirectUI@@SAPEAUIClassInfo@2@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
??0IDataEntry@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??0IDataEngine@DirectUI@@QEAA@XZ
??1IDataEngine@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

ext-ms-win-ntuser-private-l1-1-1

GetWindowBand
CreateWindowInBand

comctl32

ord328
ord336
ord335
ord329
ord386
ord334
ord332

wevtapi

EvtNext
EvtSeek
EvtQuery
EvtCreateRenderContext
EvtRender
EvtCreateBookmark
EvtUpdateBookmark
EvtSubscribe
EvtClose

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7b25b9b7555297b5c2c613c4c10a6ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shlwapi

advapi32

user32

ntdll

rpcrt4

ole32

oleaut32

shell32

dui70

dwmapi

ext-ms-win-ntuser-private-l1-1-1

comctl32

wevtapi

crypt32

Exports

Exports

Sections

.text Size: 233KB - Virtual size: 233KB

.orpc Size: 1024B - Virtual size: 536B

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 7KB - Virtual size: 7KB

.idata Size: 15KB - Virtual size: 14KB

.rsrc Size: 606KB - Virtual size: 606KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 233KB - Virtual size: 233KB

.orpc
Size: 1024B - Virtual size: 536B

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 7KB - Virtual size: 7KB

.idata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 606KB - Virtual size: 606KB

.reloc
Size: 7KB - Virtual size: 6KB