SensApi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SensApi.dll
Size

1.9MB
MD5

3fec80467dab1428254da9acb1e8677f
SHA1

6ca6f0716527695e61c553e32806b4afb90bab8f
SHA256

bc5e565f3fbcc829ca85edff4e11e3117be80049846d1a286dbddef05c33ac77
SHA512

6f98656cd34ea9f9a5a086f0b5693f07754b11aba7a345b3778b52659b470849f38b6c82410f7984ed7cc2ee1c99c704b5e4d631981db38afb3a4cc41a57c111
SSDEEP

49152:pLbVkg26M9R/2LU5WNDPbu3Ug9gqjEea4wFYAQpa2F2:pPB1M9R/2LU54DPbuvdta4rp72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SensApi.dll

Files

SensApi.dll
.dll windows:5 windows x86 arch:x86

b399e51a947e793f861568c6ba605bfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\trunk\trunk_1\CSP\out\win32\release\cprevchk.pdb

Imports

msi

ord8
ord70
ord141
ord96

advapi32

RegOpenKeyExW
SetThreadToken
RevertToSelf
OpenThreadToken
CryptVerifySignatureW
CryptGetHashParam
CryptContextAddRef
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
RegEnumValueW
CryptDestroyKey
CryptDestroyHash
RegCloseKey
CryptHashData
CryptAcquireContextW
RegQueryInfoKeyW
CryptGetProvParam
CryptGenRandom
CryptEnumProviderTypesA
CryptEnumProvidersA
CryptVerifySignatureA

crypt32

CertFindCRLInStore
CertFreeCRLContext
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CertCreateCRLContext
CertFindCertificateInCRL
CryptFindOIDInfo
CertCompareCertificateName
CertGetIssuerCertificateFromStore
CryptVerifyCertificateSignatureEx
CertFreeCertificateChain
CertFindExtension
CertGetIntendedKeyUsage
CryptUnregisterDefaultOIDFunction
CertCloseStore
CertGetCertificateChain
CertGetCertificateContextProperty
CryptGetDefaultOIDDllList
CertDuplicateStore
CryptInitOIDFunctionSet
CryptEncodeObjectEx
CertDuplicateCertificateContext
CertVerifyTimeValidity
CertAddStoreToCollection
CryptRegisterDefaultOIDFunction
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertCreateCertificateContext
CertEnumCertificateContextProperties
CertSetCertificateContextProperty
CertVerifyRevocation
CertOIDToAlgId
CryptEncodeObject
CryptImportPublicKeyInfo
CryptDecodeObject
CryptVerifyCertificateSignature
CertAddEncodedCertificateToStore
CertAddEncodedCRLToStore
CryptEnumOIDInfo
CertAlgIdToOID
CryptImportPublicKeyInfoEx

msvcrt

_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
isdigit
_amsg_exit
_initterm
_XcptFilter
__uncaught_exception
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memmove
memcpy
memset
_resetstkoflw
ungetwc
fputwc
fgetwc
__CxxFrameHandler
wcsstr
calloc
strchr
strtoul
tolower
strcspn
localeconv
memchr
_strtoi64
_strtoui64
isxdigit
fclose
fseek
toupper
fwrite
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
setvbuf
fsetpos
fgetc
fflush
fgetpos
ungetc
isspace
fputc
_CxxThrowException
setlocale
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
islower
___mb_cur_max_func
__crtLCMapStringW
__crtGetStringTypeW
__iob_func
abort
isalnum
sprintf
gmtime
sscanf
mktime
localtime
wcschr
_snwprintf
time
getenv
strncpy
_mbscmp
_time64
_localtime64
realloc
wcscspn
wcsspn
iswalnum
strrchr
wcsftime
_mbsstr
_msize
malloc
free
_wtoi
??8type_info@@QBEHABV0@@Z
_gmtime64
_vscwprintf
_mktime64
_wcsicmp
_purecall
strncmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
strtol

winhttp

WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryAuthSchemes
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpOpen
WinHttpSetCredentials
WinHttpCloseHandle

kernel32

HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetSystemTime
FormatMessageA
FormatMessageW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
GetModuleFileNameA
lstrcmpW
WriteFile
GetLocalTime
SetFilePointer
OpenEventA
SetEvent
GetPrivateProfileStringW
GetCurrentThread
LockResource
GetModuleHandleA
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
FileTimeToLocalFileTime
lstrlenA
SystemTimeToFileTime
GetModuleHandleW
GetSystemTimeAsFileTime
lstrlenW
OutputDebugStringW
LoadLibraryA
FindClose
EnterCriticalSection
GetProcAddress
VerifyVersionInfoW
MultiByteToWideChar
CreateFileW
ReadFile
FileTimeToSystemTime
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
TlsSetValue
InitializeCriticalSection
VerSetConditionMask
LoadResource
FreeLibrary
FindResourceW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
VirtualAlloc
HeapFree
RaiseException
GetCurrentProcess
GlobalFree
GetVersion
OutputDebugStringA
GetModuleFileNameW
GetFileAttributesW
FindResourceExW
TlsGetValue
FindFirstFileW
GetFileSize
GetEnvironmentVariableW
GetLastError
LocalFree
LocalAlloc
SetLastError
TlsFree
TlsAlloc
GetProcessHeap
HeapAlloc

user32

UnregisterClassA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VarBstrFromDate
VariantClear

shlwapi

PathAppendW
PathFindFileNameW

shell32

SHGetFolderPathW
ord165

Exports

Exports

IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
DllInstall
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive

Sections

.text
Size: 923KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b399e51a947e793f861568c6ba605bfd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

advapi32

crypt32

msvcrt

winhttp

kernel32

user32

ole32

oleaut32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 923KB - Virtual size: 924KB

.rdata Size: 133KB - Virtual size: 136KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 925KB - Virtual size: 925KB

.text
Size: 923KB - Virtual size: 924KB

.rdata
Size: 133KB - Virtual size: 136KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 925KB - Virtual size: 925KB