SyncController[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SyncController.dll
Size

501KB
MD5

79ec9894b46196e101f1ca6c63a2e4da
SHA1

19a238a89e65881fed6f888d39e8368fa0c1fecd
SHA256

23340be74cd113af149edc4b5bfb49e455e4139a95d2fa5feb724b8a92ecf826
SHA512

5ddaa12d20858e2a4ce39d97d6133966bdbb5b6e96956a394e7b142181f1b29e1e0f0348dcab978859042e4b50bd65de23cb032b4d21ab3ed508f7b6626cc9ba
SSDEEP

12288:El5rNvYYmJffZvEXA//zBjSpKj0w4eRT:MrNvYYmJfh86zBjSwj0w4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SyncController.dll

Files

SyncController.dll
.dll windows:10 windows x86 arch:x86

6db57c753e012aa37f60bb65be68632f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SyncController.pdb

Imports

msvcrt

wcschr
memmove
__CxxFrameHandler3
_wcsnicmp
_wcsicmp
_ftol2
ceil
memcmp
_vsnwprintf
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
wcscpy_s
free
memset
_purecall
memcpy_s
memcpy

ntdll

RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReportException
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleFileNameA
LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
InitOnceComplete
InitOnceBeginInitialize
ReleaseSRWLockShared
WaitForSingleObject
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
CreateEventW
CreateSemaphoreExW
SetEvent
Sleep
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
SetThreadPriority
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetThreadPriority

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

VariantTimeToSystemTime
VariantChangeType
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysFreeString
VariantInit
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SysAllocString
SafeArrayDestroy
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
SysAllocStringLen
SysStringLen
SafeArrayGetDim
VariantClear

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventWrite

api-ms-win-core-com-l1-1-1

CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoFreeUnusedLibrariesEx
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegGetValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegEnumValueW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

rpcrt4

RpcServerInterfaceGroupClose
NdrServerCall2
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcEpRegisterW
RpcServerUseProtseqW
RpcServerInqDefaultPrincNameW
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqBindings
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIfEx
I_RpcBindingInqLocalClientPID

api-ms-win-core-file-l1-2-1

CompareFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

pimstore

?Submit@AccountProviderHostJobBase@@QAEJPAK@Z
GetAppointmentUniqueId
GetAppointmentFromUniqueId
GetPartnerGUID
POutlookAppManager_CreateInstance
?SubmitSynchronously@AccountProviderHostJobBase@@QAEJPAXKPAT_SNJobOutParams@@@Z

syncutil

ord36
GetGoldenPartnershipId
ord288
ord290
UpdateYahooAccountType
ord27
ord10
ord26
ord475
WaitForSignalOrShutdown
ord511
IsFirstSyncEver
ord44
ord742
InitializeCredVault
ord506
ord504
TryGetDefaultSignInAccountInfo
RegisterSsoAccountsCallback
IsAutoConfigurationAllowed
ord30
IsScreenOn
IsACOn
ord291
CredVaultRead
ord23
ord24
GetDefaultMsaWebAccountId
ord720
ord87
ord721
ord722
CredVaultWrite
ord31
SetMonitorDisplayState
ord37
ord21
ord109
WritePasswordForPartnership
DeletePwd
IsPwdSaved
CreateDataStoreLock
ord61
ord111
ord257
ord9
ord39
ord363
ord307
ord241
ord271
ord270
ord705
HasNeverSyncedSuccessfully
CloseDataStoreLock
WriteOAuthRefreshTokenForPartnership
DeleteOAuthRefreshTokenForPartnership
GetAuthCertHash
SetAuthCertHash
DeleteAuthCertHash
ord29
AcquireDataStoreLock
ord255
ord275
ord274
ord700
ord14
ord733
ord49
ord283
ord277
ord281
ord38
ord48
ord52
ord56
ord441
ReleaseDataStoreLock
ord242
ord50
ord13
GetWebAccountId
GetWebAccountProviderFromProviderId
VerifyDataStoreLockOwner
WaitForServerReady
ord51
ord451
ord272
LoadHeartbeatValues
GetGalSearchResultsFolderAndPartnerGuidEx
ord299

aphostclient

CreateAPHostClient

accountaccessor

UpdateWebDavAccountProperties
CreateSsoPartnership
FindMatchingPartnership
LoadGoldenPartnershipAccessor
UpdateGoogleAccountConversationFlags

dsclient

DSOpenSharedFile

mccspal

ord27
ord9
ord13
ord15
ord10
ord11
ord14
ord12

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-power-base-l1-1-0

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

userdatalanguageutil

InitializeLanguageUtil
UninitializeLanguageUtil

Exports

Exports

AccountsMgmtAdviseAccount
AccountsMgmtConvertWebAccountIdFromAppSpecificId
AccountsMgmtConvertWebAccountIdToAppSpecificId
AccountsMgmtCreateAccount
AccountsMgmtDeleteAccount
AccountsMgmtDiscoverExchangeServerConfig
AccountsMgmtEnumAccounts
AccountsMgmtGetNotifications
AccountsMgmtMayIgnoreInvalidServerCertificate
AccountsMgmtQueryAccountProperties
AccountsMgmtSaveAccountProperties
AccountsMgmtSyncAccount
AccountsMgmtSyncAccountAndWaitForCompletion
AccountsMgmtUnadviseAccount
AccountsMgmtVerifyExchangeMailBoxTokenAuth
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6db57c753e012aa37f60bb65be68632f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

api-ms-win-core-file-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l2-1-0

pimstore

syncutil

aphostclient

accountaccessor

dsclient

mccspal

api-ms-win-core-threadpool-l1-2-0

api-ms-win-power-setting-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-delayload-l1-1-1

userdatalanguageutil

Exports

Exports

Sections

.text Size: 435KB - Virtual size: 435KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 312B

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 435KB - Virtual size: 435KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 312B

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 26KB - Virtual size: 25KB