efslsaext[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

efslsaext.dll
Size

54KB
MD5

bc5b86fae08e531b313f12a3b787f40d
SHA1

0db21c0edaf4ebb52164c8912957cf7d24c4e707
SHA256

2eb7e95e26e30ff99fb49fb11fa7af6781ce30b9d4f46b88d7d715f05e3e0837
SHA512

b12cd77d6accc41bbe0aa534901cbccdd278acdb1bdcd58750316be6d63b37406a02e2836a42b87f57f3e712439e0c5d808b8ba4446ca6df1bf3c4449420cd50
SSDEEP

768:c32TIwsM2kuXIisM2kJQQlLHPrwW+2T94lwHd0np/zSpbwEj59K5LtPqsTLF:xkFgQyW+C430bwG9iLx3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efslsaext.dll

Files

efslsaext.dll
.dll windows:6 windows x64 arch:x64

853f2545321b1e9eca7aea47d252789d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

efslsaext.pdb

Imports

msvcrt

memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcmp
_wcsnicmp
_wcsicmp
_XcptFilter
memset

ntdll

NtWriteFile
NtReadFile
NtFsControlFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtClose
NtQueryInformationFile
NtCreateFile
RtlFreeHeap
RtlAllocateHeap
RtlLengthSid
RtlValidSid
EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-2

SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentProcess

rpcrt4

RpcServerRegisterIfEx
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoW
NdrClientCall3
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcStringFreeW
RpcBindingToStringBindingW
RpcImpersonateClient
RpcStringBindingParseW
RpcRaiseException
NdrServerCallAll
NdrServerCall2
I_RpcExceptionFilter
RpcBindingInqAuthClientW
RpcBindingFree

kernel32

CompareStringW
GetComputerNameW
GetDriveTypeW
GetVolumePathNameW
DeleteFileW
RemoveDirectoryW
SleepEx
GetCurrentThread
ResolveDelayLoadedAPI
GetComputerNameExW
LocalAlloc
LocalFree
VirtualFree
VirtualAlloc
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
CreateFileW
DelayLoadFailureHook

api-ms-win-security-base-l1-2-0

RevertToSelf
AdjustTokenPrivileges

Exports

Exports

InitializeLsaExtension

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

853f2545321b1e9eca7aea47d252789d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-processthreads-l1-1-2

rpcrt4

kernel32

api-ms-win-security-base-l1-2-0

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 120B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 988B

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 988B