logoncli[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

logoncli.dll
Size

261KB
MD5

189d604d30604fcae6e33dc167680843
SHA1

1d3e0cff090367ea7f90618c02bdb76ee01880ed
SHA256

61523303fe415bc9dd7f4fc3563b044bfd0652745ce88be2bc8ed476e8b8bf48
SHA512

0cdf66ce17cc5dcb8c72a976a2125babf2ff623203972bdae039e778bb63a3f45ac8eb5da63cfd5d4508720b474a003a6a0fe95d09cdd95519b2a3c5ebd50a51
SSDEEP

3072:4HpAiCn3E8KnOvCIbguD4GpresfKle1G/qYmFBzhIzApwAflSLtYRE:4HpAiC0qvCegktTrFzwklSd

Score

1^/10

Malware Config

Signatures

Files

logoncli.dll
.dll windows:10 windows x64 arch:x64

5d0db85893a29647e8977f5ab3d29dff

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:3f:78:e8:0f:35:62:d0:5c:af:4e:ae:90:46:c2:e4:33:d3:4b:7f:97:9a:48:38:18:40:e0:f8:32:b4:80:ae
Signer

Actual PE Digest

36:3f:78:e8:0f:35:62:d0:5c:af:4e:ae:90:46:c2:e4:33:d3:4b:7f:97:9a:48:38:18:40:e0:f8:32:b4:80:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

logoncli.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__cexit
memmove
_o__ultow_s
_o__wcsicmp
_o_qsort
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o___std_type_info_destroy_list
wcsrchr
__C_specific_handler
memcmp
wcsstr
_o___stdio_common_vswprintf
wcschr
_o___stdio_common_vsprintf
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcExceptionFilter
RpcEpResolveBinding
UuidCreate
UuidEqual
UuidToStringA
RpcStringFreeA
I_RpcBindingCreateNP
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
RpcBindingSetAuthInfoW
RpcStringFreeW
I_RpcExceptionFilter
UuidToStringW
I_RpcMapWin32Status
RpcBindingSetAuthInfoExW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

CreateMailslotA
SetMailslotInfo

ntdll

RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlInitString
RtlInsertElementGenericTableAvl
RtlxUnicodeStringToAnsiSize
NtOpenEvent
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlNtStatusToDosError
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
RtlCopySid
RtlSubAuthorityCountSid
RtlValidSid
RtlGetNtProductType
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLengthSid
RtlEqualUnicodeString
NtWaitForSingleObject
EtwTraceMessage
NtQuerySystemTime
RtlUniform
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
RtlInitAnsiString
RtlCompareMemoryUlong
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
RtlEqualSid
RtlSubAuthoritySid
RtlLengthRequiredSid
NtCreateEvent
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthzrExtAccessCheck
AuthzrExtFreeContext
AuthzrExtFreeResourceManager
AuthzrExtGetInformationFromContext
AuthzrExtInitializeCompoundContext
AuthzrExtInitializeContextFromSid
AuthzrExtInitializeRemoteResourceManager
AuthzrExtModifyClaims
DsAddressToSiteNamesA
DsAddressToSiteNamesExA
DsAddressToSiteNamesExW
DsAddressToSiteNamesW
DsDeregisterDnsHostRecordsA
DsDeregisterDnsHostRecordsW
DsEnumerateDomainTrustsA
DsEnumerateDomainTrustsW
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW
DsMergeForestTrustInformationW
DsValidateSubnetNameA
DsValidateSubnetNameW
I_DsUpdateReadOnlyServerDnsRecords
I_NetAccountDeltas
I_NetAccountSync
I_NetChainSetClientAttributes
I_NetChainSetClientAttributes2
I_NetDatabaseDeltas
I_NetDatabaseRedo
I_NetDatabaseSync
I_NetDatabaseSync2
I_NetExtendMachinePasswordExpirationTimeout
I_NetGetDCList
I_NetGetForestTrustInformation
I_NetLogonControl
I_NetLogonControl2
I_NetLogonGetCapabilities
I_NetLogonGetDomainInfo
I_NetLogonSamLogoff
I_NetLogonSamLogon
I_NetLogonSamLogonEx
I_NetLogonSamLogonWithFlags
I_NetLogonSendToSam
I_NetLogonUasLogoff
I_NetLogonUasLogon
I_NetQuerySecureChannelDCInfo
I_NetServerAuthenticate
I_NetServerAuthenticate2
I_NetServerAuthenticate3
I_NetServerGetTrustInfo
I_NetServerPasswordGet
I_NetServerPasswordSet
I_NetServerPasswordSet2
I_NetServerReqChallenge
I_NetServerTrustPasswordsGet
I_NetlogonComputeClientDigest
I_NetlogonComputeClientSignature
I_NetlogonComputeServerDigest
I_NetlogonComputeServerSignature
I_NetlogonGetTrustRid
I_RpcExtInitializeExtensionPoint
NetAddServiceAccount
NetEnumerateServiceAccounts
NetEnumerateTrustedDomains
NetGetAnyDCName
NetGetDCName
NetIsServiceAccount
NetLogonGetTimeServiceParentDomain
NetLogonSetServiceBits
NetQueryServiceAccount
NetRemoveServiceAccount
NlBindingAddServerToCache
NlBindingRemoveServerFromCache
NlBindingSetAuthInfo
NlSetDsIsCloningPDC

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d0db85893a29647e8977f5ab3d29dff

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

36:3f:78:e8:0f:35:62:d0:5c:af:4e:ae:90:46:c2:e4:33:d3:4b:7f:97:9a:48:38:18:40:e0:f8:32:b4:80:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 456B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

36:3f:78:e8:0f:35:62:d0:5c:af:4e:ae:90:46:c2:e4:33:d3:4b:7f:97:9a:48:38:18:40:e0:f8:32:b4:80:ae
Signer

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 456B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB