ActiveSyncProvider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ActiveSyncProvider.dll
Size

1.6MB
MD5

c13cc0ddfd39f697300a39be18eb14ab
SHA1

594acae099767ebed43c9d804c0a7f9f7c38e2b8
SHA256

a91b0115b661177578634b21a9822f0697d133d5affd7c856344010da2e81ef9
SHA512

f62c794ca8c0b35c68c5915c73eb717ff4c5a9e2785c00910ea03a44cbe0a2abf98f5d5cf3072de238db79d87975971519a3814766d5593f37ebf3b5ebbe0959
SSDEEP

24576:nEjgbqTiUgsPDJCR0qGdHwAxQcbRqHuptKoDgkjbKWoVQ1cktsVJnlnO5eHW:EjszqgSRqHuL3bKeCjjHW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActiveSyncProvider.dll

Files

ActiveSyncProvider.dll
.dll windows:10 windows x86 arch:x86

a3ada8a602c9aa712bbbd4da35a49e3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActiveSyncProvider.pdb

Imports

msvcrt

strnlen
_vsnprintf
wcstol
_wcstoi64
_wcstoui64
wcstod
_i64tow_s
iswspace
iswcntrl
_wcsdup
memmove_s
__CxxFrameHandler3
strchr
swscanf
_wcsnicmp
_vswprintf_p_l
_vscwprintf_p_l
_vsprintf_p_l
memmove
_wtol
_vscprintf_p_l
wcsnlen
memcmp
iswdigit
free
wcstok_s
_vsnprintf_s
wcspbrk
wcsstr
_vsnwprintf_s
malloc
??0exception@@QAE@XZ
_ftol2
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_callnewh
wcschr
_snwprintf_s
wcsncmp
_ltow_s
_itow_s
_CxxThrowException
_XcptFilter
_amsg_exit
towupper
wcsrchr
memset
_purecall
memcpy_s
_initterm
swscanf_s
_lock
_unlock
__dllonexit
_wcsicmp
_onexit
_errno
realloc
??1type_info@@UAE@XZ
_vsnwprintf
_except_handler4_common
_ultow_s
wcstoul
_wtoi
_vscwprintf
memchr
memcpy

ntdll

RtlGetDeviceFamilyInfoEnum
NtQueryInformationToken
RtlReportException
RtlCaptureContext

syncutil

ord44
ord451
ord275
ord410
AcquireDataStoreLockEx
ReleaseDataStoreLock
ord34
ord268
ord35
ord48
ord52
ord51
IsFirstSyncEver
ord21
ord453
DeviceNeedsProvisioning
ord89
AcquireDataStoreLock
ord470
ord28
ord26
ord118
ord121
ord120
CreateAuthHandler
ord442
GetAuthCertTargetAndUser
CredVaultDelete
CredVaultWrite
CredVaultRead
ord702
IsMatchingClientCertificateEx
ord94
ord31
ord22
ord274
ord273
ord701
ord66
ord67
ord256
ord17
ord18
CoCreateInstanceElevated
GetAADToken
ord502
ord500
ord503
ord501
ord505
ord109
ord30
ord269
GetGoldenPartnershipId
ord23
ord461
ord464
GetDefaultStoreDirty
SetDefaultStoreDirty
GetMsaCustomerId
InitializeMeContact
ord462
ord463
HasNeverSyncedSuccessfully
ord242
ord33
ord296
ord744
ord743
ord745
ReadPasswordForPartnership
ord747
ord746
ord452
ord440
InitializeMsaStore
VerifyDataStoreLockOwner
ord9
DeleteHttpTransport
ord10
ord86
ord88
ord56
ord739
ord15
ord93
ord29
ord103
ord411
ord105
ord413
ord412
ord79
ord77
ord69
ord68
ord82
ord257
ord287
ord81
ord471
ord27
ord87
ord285
ord53
ord106
SyncSqmUpdateStats
InitializeSyncStatus
ord111

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FreeLibraryAndExitThread
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
CreateEventW
Sleep
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
SetEvent
CreateEventExW
ResetEvent
InitializeSRWLock
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-2-0

HeapDestroy
HeapCompact
HeapCreate
HeapValidate
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
IIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
CoGetMalloc
CoGetApartmentType
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoWaitForMultipleObjects

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
OpenThreadToken
CreateThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetLocaleInfoW
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantTimeToSystemTime
VarBstrCat
SysAllocStringByteLen
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayLock
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysStringByteLen
SafeArrayDestroy
VariantChangeType
VariantCopyInd
SysAllocString
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SafeArrayRedim
SafeArrayCreate
VariantInit
VariantCopy
VariantClear
SysFreeString

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetLocalTime
GetTickCount

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegDeleteTreeW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualFree

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-2-1

CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-1

RoTransformError
RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

cemapi

MAPIUninitialize
GetMAPIStorePropTags
IsMessageClassReadRequest
SetConversationId
MAPIInitialize
MAPIFreeBuffer
FreeProws
HrGetOneProp
HrSetOneProp
GetMsgClassEnum
GetNamedPropTag
MAPIAllocateBuffer
USOIDfromCEENTRYID
MAPILogonEx

userdatalanguageutil

GetWideSzAlloc
ConvertToWideStream
UninitializeLanguageUtil
InitializeLanguageUtil
GetMultiLanguage2
IsLocalePseudoLoc
GetNarrowSzCodepage

userdatatimeutil

FileTimeToVariantTime
ConvertVariantTimeToFileTime
ConvertLocalVariantTimeToFileTime
LocalFileTimeToFileTimeEx
DaysBetweenFT
FileTimeToTzSpecificVariantTime
FileTimeToLocalFileTimeEx
MinutesBetweenFT
ConvertFileTimeToLocalVariantTime
GetCurrentLocalTime
FileTimeAdjustUTCToTz
AdjustForAllDayAppts
AdjustGMTForAllDayAppts

userdatatypehelperutil

BytesToDigits
TrimWhiteSpaces
EcUidToGlobalObjId
SplitString
StringToBytes
ReadStreamContent
CompressWhitespaceNW
EcGlobalObjIdToUid
GetStreamSize

networkhelper

CHttpTransport_CreateInstance
SyncWerReportGenerator
ReportSyncProgress
GetOrCreateNullPowerDependencyCoordinatorManager
SyncPdcReference_WatchdogsEnabled

pimstore

GetAppointmentUniqueId
GetBlankName
CreateOutlookApp

mccspal

ord30
ord23
ord32
ord31

api-ms-win-security-base-l1-2-0

CheckTokenMembership
CreateWellKnownSid
GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-datetime-l1-1-1

GetTimeFormatW
GetDateFormatW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

policymanager

PolicyManager_GetPolicyInt

Exports

Exports

CreateMassObject
CreateSyncServiceLayer
DllCanUnloadNow
DllGetClassObject
DownloadEmailAttachment
DownloadEmailBody
GetActiveSyncServerProbeInstance
GetConversationSyncEnabled
GetOutlookExtensionSupportForAccount
GetOutlookExtensionSupportFromAccessor
GetUserInfoForUnconfiguredAccount
HandleEasMeetingResponseForAppointment
HandleEasMeetingResponseForMeetingNotification
InitializeSyncStatus
IsErrorCatastrophic
IsValidOutlookExtensionVersion
MarkPeopleFolderForResync
OneStopFactory
SyncGetMAPISession
SyncGetMessageStore
SyncGetSpecialFolder
SyncMgrPurgeFolderProvider
SyncMgrPurgeProviderStore
SyncMgrRemovePolicy
SyncSqmUpdateStats
UpdateEasTrackingSchema
WriteStoreCapabilityProps
WriteStoreContentTypesProps

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3ada8a602c9aa712bbbd4da35a49e3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

syncutil

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-memory-l1-1-2

api-ms-win-core-heap-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

cemapi

userdatalanguageutil

userdatatimeutil

userdatatypehelperutil

networkhelper

pimstore

mccspal

api-ms-win-security-base-l1-2-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

policymanager

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 2KB - Virtual size: 5KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 232B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 79KB - Virtual size: 78KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 2KB - Virtual size: 5KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 232B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 79KB - Virtual size: 78KB