D:\JENKINS\workspace\N_CleanActions\bin\x64\Release\ActionsShim.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: ActionsShim.dll; Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: ActionsShim.dll; Resource: win10v2004-20240802-en)
General
- Target: ActionsShim.dll
- Size: 2.3MB
- MD5: 7abbf9f2106c2dd1e69110c6c6b8dbc6
- SHA1: 05cf0a54c0e62d170b6ff9bb0108b70164a0e681
- SHA256: 44f5ebb4facaba45274f08437a1f980bbbdb209cbd016ead76e4ec1afaca4dc2
- SHA512: b577338b86d082f4f87e58342c54d5c2c80e17aa9bc983e558904aaaf8a23a6c780c5627e935c39bcabe63e3776310529f3066b06776a0f7869eff721a8bd3fd
- SSDEEP: 49152:tR3rKKPT0xXxBg7KNvBtFXTM6utS1vdPUGu5hOAxNMQwR:fLeFDMb8F2Gu/fzwR
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. Resource: ActionsShim.dll
Files
- ActionsShim.dll.dll windows:6 windows x64 arch:x64
7654de49588e8164879719d356bd8735
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
kernel32
GetFileAttributesW
SetLastError
GetCurrentThreadId
SetEndOfFile
GetStdHandle
FindNextFileW
FindClose
GetModuleHandleA
GetCurrentDirectoryW
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileType
DeleteFiber
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetTickCount
GetFileSize
HeapAlloc
GetProcessHeap
WaitForSingleObject
QueryDosDeviceW
GetLogicalDriveStringsW
FindFirstFileW
HeapFree
GetFileInformationByHandle
WriteFile
ReadFile
GetFileSizeEx
FlushFileBuffers
CreateFileW
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
VirtualQueryEx
GetModuleHandleW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
GetLastError
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
GetConsoleOutputCP
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
EnterCriticalSection
LoadLibraryExW
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCPInfo
LCMapStringEx
EncodePointer
GetStringTypeW
Sleep
SwitchToThread
LeaveCriticalSection
user32
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
oleaut32
VariantClear
psapi
GetProcessImageFileNameW
bcrypt
BCryptImportKeyPair
BCryptHashData
BCryptDestroyHash
BCryptGenRandom
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptGetProperty
BCryptDestroyKey
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ws2_32
recv
WSAGetLastError
WSAStartup
WSACleanup
send
closesocket
WSASetLastError
Exports
ActionsShim_CancelAllOperations
ActionsShim_Create
ActionsShim_Destroy
ActionsShim_FinishUpdate
ActionsShim_GetDetectedThreats
ActionsShim_GetDetectedThreatsV2
ActionsShim_GetMajorAPIVersion
ActionsShim_GetMinorAPIVersion
ActionsShim_InitTargetDLL
ActionsShim_IsDLLNewlyLoaded
ActionsShim_PrepareUpdate
ActionsShim_ProcessPendingActionsAfterReboot
ActionsShim_ProcessThreatActions
ActionsShim_ProcessThreatActionsV2
ActionsShim_SetLogCallback
ActionsShim_SetMaxLogLevel
ActionsShim_ShutdownTargetDLL
ActionsShim_Threat_Delete
ActionsShim_Threat_GetBasicData
ActionsShim_Threat_GetRegValueDeleteData
ActionsShim_Threat_GetRegValueReplaceData
ActionsShim_Threat_GetTxtReplaceData
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 741KB - Virtual size: 740KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ