Microsoft[.]DiaSymReader[.]Native[.]amd64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.DiaSymReader.Native.amd64.dll
Size

1.2MB
MD5

65800398273f3ded3c264a6388a61381
SHA1

8f3331d93a45beb42dd51a2e8de7a989413eb4ce
SHA256

10ed235221e1962df83a5895e7ae1e157f12dada11e679e3632961e9fb5c46d9
SHA512

66b600ad66e8211aeaa9bcebc8855dcdac2dc9c63fce92cde3a08dfb00261d28d37d1e9cbbb9ae911972b64a1739d6d187597aa630a80045d7e22a8c7fda90f0
SSDEEP

12288:LuAYbVRq+TkxhTkMF+F68iFGheOvif+2UDoChNMJ5Dk8ICenmpoSqHqqU:ahHHahhA68ogDD5NMJY1TU

Score

1^/10

Malware Config

Signatures

Files

Microsoft.DiaSymReader.Native.amd64.dll
.dll regsvr32 windows x64

78519774952c5c2918d2954efb6945f0

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:20:e6:b6:51:c6:54:cc:dd:61:6f:08:69:ec:73:97:4c:d3:75:a7:bb:66:ce:50:62:e6:eb:fa:1f:ef:25:34
Signer

Actual PE Digest

7c:20:e6:b6:51:c6:54:cc:dd:61:6f:08:69:ec:73:97:4c:d3:75:a7:bb:66:ce:50:62:e6:eb:fa:1f:ef:25:34

Digest Algorithm

sha256

PE Digest Matches

true

d4:71:99:f6:34:d0:49:7f:1d:38:4c:80:56:15:6f:25:10:96:28:93
Signer

Actual PE Digest

d4:71:99:f6:34:d0:49:7f:1d:38:4c:80:56:15:6f:25:10:96:28:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualQuery
VirtualProtect
FlushViewOfFile
MapViewOfFileEx
SetFilePointer
GetFullPathNameW
ExpandEnvironmentStringsW
DeviceIoControl
WriteFile
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileType
DeleteFileW
VirtualFree
VirtualAlloc
WideCharToMultiByte
SetFileAttributesW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileW
MultiByteToWideChar
GetSystemInfo
GetEnvironmentVariableW
LCMapStringW
FormatMessageW
LocalFree
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
LocalAlloc
GetCurrentThreadId
Sleep
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
InitializeCriticalSection

ole32

CoTaskMemFree
CoTaskMemAlloc

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_calloc_base
calloc
_free_base
free

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-string-l1-1-0

wcscpy_s
strcpy_s
_wcsdup
wcscat_s
_wcsicmp
_wcsnicmp
wcsncmp
strcat_s
strncmp
strcmp
strncpy_s
towlower
wcsncat_s
_stricmp
_memicmp
wcsncpy_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
abort
_invalid_parameter_noinfo
_errno
_initterm
_initterm_e
terminate
_crt_atexit
_configure_narrow_argv
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_cexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
_close
_wfsopen
fread
fseek
_write
__stdio_common_vfprintf
fclose
_wfopen_s
_get_osfhandle
__stdio_common_vsscanf
_open_osfhandle
__stdio_common_vswprintf
ftell
_read
_filelengthi64
_lseeki64
__stdio_common_vsnprintf_s
__stdio_common_vswprintf_s
_chsize_s
__stdio_common_vsprintf_s
_wsopen_s

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi
wcstoul
atol

api-ms-win-crt-filesystem-l1-1-0

_wmakepath_s
_wsplitpath_s
_wfullpath

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Exports

Exports

CreateNGenPdbWriter
CreateSymReader
CreateSymWriter
DllCanUnloadNow
DllGetClassObject
DllGetClassObjectInternal
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 909KB - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78519774952c5c2918d2954efb6945f0

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9cCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7c:20:e6:b6:51:c6:54:cc:dd:61:6f:08:69:ec:73:97:4c:d3:75:a7:bb:66:ce:50:62:e6:eb:fa:1f:ef:25:34Signer

d4:71:99:f6:34:d0:49:7f:1d:38:4c:80:56:15:6f:25:10:96:28:93Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

advapi32

Exports

Exports

Sections

.text Size: 909KB - Virtual size: 908KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 13KB - Virtual size: 18KB

.pdata Size: 63KB - Virtual size: 62KB

.gfids Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7c:20:e6:b6:51:c6:54:cc:dd:61:6f:08:69:ec:73:97:4c:d3:75:a7:bb:66:ce:50:62:e6:eb:fa:1f:ef:25:34
Signer

d4:71:99:f6:34:d0:49:7f:1d:38:4c:80:56:15:6f:25:10:96:28:93
Signer

.text
Size: 909KB - Virtual size: 908KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 13KB - Virtual size: 18KB

.pdata
Size: 63KB - Virtual size: 62KB

.gfids
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB