msimg32[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

msimg32.dll
Size

416KB
MD5

8a492d07d4a2d4df88acc20abe79225b
SHA1

515dc908b634cbba594d62b1a9e92e3549ba8b5a
SHA256

4bb2b10e067f6c56609c90477792c97b328e05e58076aef0f211f3aff8c4cc69
SHA512

a0d3822963738a9ce74cbe4955d2efc8ba8de1b25dd9a25a8aba1c12c4600a8c3dc1ef64f7bf8de21cb2beb826a8ae46dfc7cbdc02829c2bc3fa0b9d5117a937
SSDEEP

6144:BMrrVzjN6VEnzjsX3cpXSwMvc1Z2NUTuTiOQVhz/HipRMbwTA5aT0Dl:BMHVwcjsc1Se9uuOQVhz/HT8TA4IDl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msimg32.dll

Files

msimg32.dll
.dll windows x86

62791032bce0d9d06abd788bf38b7aaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlRandom
NtQueryInformationThread
NtOpenThread
NtQueryInformationProcess
NtQueryVirtualMemory
RtlReAllocateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
RtlCreateHeap
NtSetContextThread
NtGetContextThread
NtResumeThread
NtSuspendThread
NtFlushInstructionCache
NtQuerySystemInformation
RtlComputeCrc32
RtlGetNtVersionNumbers
RtlZeroMemory
RtlGetVersion
NtTerminateThread
NtTerminateProcess
NtOpenProcess
NtClose
RtlMoveMemory
NtProtectVirtualMemory
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlUnwind

kernel32

GetModuleHandleW
GetProcAddress
FindClose
FindNextFileW
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryA
GetTickCount
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreatePipe
DisconnectNamedPipe
HeapReAlloc
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
GetExitCodeProcess
CreateThread
GetCurrentThread
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
GetComputerNameExW
DisableThreadLibraryCalls
LocalFree
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenA
lstrlenW
WTSGetActiveConsoleSessionId
GetLocaleInfoW
K32GetModuleFileNameExW
GetCurrentThreadId
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RaiseException
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
CloseHandle
GetSystemDirectoryW
CreateFileW
SetCurrentDirectoryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
DecodePointer

user32

CharUpperW
wsprintfW
PostQuitMessage
GetDesktopWindow
wsprintfA
GetMessageW
DispatchMessageW
ExitWindowsEx
CallWindowProcW
IsWindow
DestroyWindow
CharLowerW
SetTimer
KillTimer
GetSystemMetrics
GetForegroundWindow
GetDC
PostMessageW
ReleaseDC
GetWindowTextA
PostThreadMessageW
GetWindowTextW
GetWindowRect
GetWindowThreadProcessId
GetClassNameW
GetWindowLongW
SetWindowLongW

shlwapi

StrRChrW
StrStrW
StrDupA
StrCmpNIW
PathFindFileNameW
PathIsRelativeW
PathUnquoteSpacesW
SHDeleteKeyW
ord12
StrDupW
StrTrimA
StrChrA
PathRemoveFileSpecW
PathAddBackslashW
StrToIntW
wnsprintfW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

advapi32

RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
ConvertSidToStringSidW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
RegQueryValueExW

wininet

HttpQueryInfoW
InternetWriteFile
HttpAddRequestHeadersW
InternetOpenUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpEndRequestW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestExW

shell32

ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW

gdi32

StretchBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SetStretchBltMode
BitBlt

oleaut32

VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

Exports

Exports

AlphaBlend
CreateObject
EnumImagesMeta
GetHandlerProperty
GetHandlerProperty2
GetIsArc
GetNumberOfFormats
GradientFill
SetCaseSensitive
SetCodecs
SetLargePageMode
TransparentBlt

Sections

.text
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62791032bce0d9d06abd788bf38b7aaf

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

shlwapi

wtsapi32

userenv

advapi32

wininet

shell32

gdi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 325KB - Virtual size: 325KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 325KB - Virtual size: 325KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 14KB - Virtual size: 13KB