MSIMG32[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MSIMG32.dll
Size

213KB
MD5

443b4697460061354c0cea02a56a922c
SHA1

fc0b32c4dba1750141078856765bb5cbc84773bd
SHA256

bafccef6845e6325d31b234d04de9cc0e6c29303b99bd7cd2c670e5bb07c52a8
SHA512

f0d55a523d18f84a0098b6dfe6349ee9c221472df319cfc0d79f3eb03d5bdd1fc6fdf5f062f1be4cad4d5b444449ac36e275f65a5059ea0300942442261f59a9
SSDEEP

3072:hq+MnxsZufC6Ic7K83QQY4/IjOsr4J9n0643h7yJHR0pzhxS1xqE/YQf8Pz3m:exsZuOcmWQZ0SOsr4J9HZRMM1xqsYQf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MSIMG32.dll

Files

MSIMG32.dll
.dll windows x86

3faad9d418d0b1cdb74ed30aa880a774

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
VirtualAlloc
GetProcAddress
RtlMoveMemory
LoadLibraryA
GetModuleHandleA
ExitProcess
LockResource
LoadResource
FindResourceA
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapValidate
IsBadReadPtr
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetModuleFileNameW
HeapReAlloc
HeapSize
HeapQueryInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
LoadLibraryW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt
TransparentBltEx

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3faad9d418d0b1cdb74ed30aa880a774

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 11KB - Virtual size: 11KB