appinfo[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

appinfo.dll
Size

107KB
MD5

d43279294fd5c1fd70e301a57a35097e
SHA1

da9a18c558d1f39876916cbae386c0168b486f67
SHA256

e28265635ab506200a9fb56522f8fdf8aeda9763a4912bf5d5604b888d8148f8
SHA512

3840d804bbfd74b2354395e9260735dd5c7282a25a4d117573276aef988b165d1055fb9a57aacea4fa99cb3a9a97d5278fb1a70a65d83ddf70a1ece1f9f805ea
SSDEEP

3072:pqpV9Vd6CjHcVFWBPjyOpv8+kwhGTgv9vHVx:pSBqFWBPjy7+khid

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appinfo.dll

Files

appinfo.dll
.dll windows:6 windows x64 arch:x64

130a0148c7c9e4adf80db1811a00d0a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appinfo.pdb

Imports

msvcrt

_vsnprintf
wcspbrk
wcsspn
strchr
isdigit
_wcsupr_s
strpbrk
strspn
memcmp
memcpy
swprintf_s
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
bsearch
_wcsnicmp
_wcsicmp
wcscat_s
wcsstr
wcsrchr
wcschr
wcscpy_s
memmove
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCreateServiceSid
NtSetSecurityObject
NtQuerySecurityObject
RtlInitUnicodeStringEx
RtlReleaseRelativeName
RtlPrefixUnicodeString
RtlFreeUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlQueryEnvironmentVariable
NtOpenProcess
NtQueryInformationToken
RtlSetEnvironmentVar
LdrOpenImageFileOptionsKey
RtlExpandEnvironmentStrings
LdrQueryImageFileKeyOption
RtlCreateEnvironmentEx
NtOpenThreadToken
RtlInitUnicodeString
RtlDestroyEnvironment
RtlReleaseSRWLockShared
RtlDeregisterWaitEx
NtDuplicateObject
RtlReleaseSRWLockExclusive
NtDuplicateToken
RtlRemovePrivileges
NtOpenProcessToken
RtlRegisterWait
RtlNtStatusToDosErrorNoTeb
NtReadVirtualMemory
RtlAcquireSRWLockExclusive
NtClose
RtlNtStatusToDosError
NtSetInformationToken
NtQueryInformationProcess
NtQuerySystemInformation
NtOpenKey
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtQueryValueKey
DbgPrintEx
RtlFormatCurrentUserKeyPath
RtlExpandEnvironmentStrings_U
RtlAnsiStringToUnicodeString
NtMapViewOfSection
RtlFreeHeap
RtlInitAnsiString
RtlGetVersion
NtQueryInformationFile
NtUnmapViewOfSection
NtCreateFile
RtlAllocateHeap
RtlGetNativeSystemInformation
RtlUnicodeStringToInteger
NtCreateSection
RtlDeregisterWait
RtlImageNtHeaderEx
RtlAcquireSRWLockShared
EtwEventWrite
RtlInitializeSRWLock
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwEventUnregister
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwEventRegister
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
InitializeProcThreadAttributeList
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
ResumeThread
DeleteProcThreadAttributeList
GetCurrentProcess
UpdateProcThreadAttribute
CreateProcessAsUserW

api-ms-win-security-base-l1-2-0

SetTokenInformation
GetTokenInformation
GetSidSubAuthority
CheckTokenMembership
RevertToSelf
ImpersonateLoggedOnUser
InitializeSid
GetSidLengthRequired

api-ms-win-service-core-l1-1-1

SetServiceStatus
RegisterServiceCtrlHandlerExW

rpcrt4

RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcAsyncCompleteCall
RpcEpUnregister
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerUseProtseqW
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
NdrAsyncServerCall

api-ms-win-core-appcompat-l1-1-1

BaseFreeAppCompatDataForProcess
BaseReadAppCompatDataForProcess

kernel32

CreateEventW
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateActCtxW
QueryActCtxSettingsW
UnmapViewOfFile
MapViewOfFile
GetEnvironmentVariableW
DuplicateHandle
CreateFileW
GetFileAttributesW
CheckElevationEnabled
CheckElevation
GetFullPathNameW
ReleaseMutex
ReadProcessMemory
CreateMutexW
LocalFree
CloseHandle
LocalAlloc
GetLastError
GetTickCount
SetEvent
ResolveDelayLoadedAPI
DelayLoadFailureHook
WaitForSingleObject
UnregisterWait
ReleaseActCtx
GetLongPathNameW
CreateFileMappingW
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
OutputDebugStringW
GetTempPathW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

130a0148c7c9e4adf80db1811a00d0a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-service-core-l1-1-1

rpcrt4

api-ms-win-core-appcompat-l1-1-1

kernel32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 788B

.text
Size: 85KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 788B