AuditNativeSnapIn[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AuditNativeSnapIn.dll
Size

148KB
MD5

f1498450c875a71aad9d8892aed81ebb
SHA1

140aadd6495b24de1aab5b9e90587c688bf68b3a
SHA256

1e9eb284ae2720e309afec2efcf09b4f8114163bae50b198055860fceba806ab
SHA512

38f23ae017c23828bfeb1b2018de655807d3241988cdca458c931da4dbeb23d60f22f9846f6c9cb005e5374b5f8ca69584fb43dd7fb70f3fe372aa817a115bf6
SSDEEP

3072:W477z5Ane0TjSH6Iud+n9d7PxB3m10RgFz/4vB1Tn1H:WO7l10TjSH6Iud/LATn1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AuditNativeSnapIn.dll

Files

AuditNativeSnapIn.dll
.dll windows:10 windows x64 arch:x64

29b0caeb33609e0d658cece2b910c6c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuditNativeSnapIn.pdb

Imports

msvcrt

_initterm
_purecall
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__C_specific_handler
memset

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
StringFromCLSID

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeResource

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

lstrlenW

user32

LoadImageW
LoadIconW
RegisterClipboardFormatW
LoadBitmapW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29b0caeb33609e0d658cece2b910c6c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 912B

.rsrc Size: 108KB - Virtual size: 106KB

.reloc Size: 4KB - Virtual size: 220B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 912B

.rsrc
Size: 108KB - Virtual size: 106KB

.reloc
Size: 4KB - Virtual size: 220B