msimg32[.]dll | Triage

General

Target

msimg32.dll
Size

25KB
MD5

f67dc105bf2304f506370790123c55d2
SHA1

b27d89801065a92a3da8b94a6efb38ce30df95ec
SHA256

aa7ede16191dff7567c725f7a27c7634bef4e2d7a2c48c2e6403b304b35a4a0d
SHA512

2f926f8eb9be457d75ced691a6912efe3ecdd193ab476474cc631cd1b35aa3fe70a2d5150752b2544537227a7a230db4211b1ba0d5454d21c3f9d201b6df4baa
SSDEEP

384:RFP14rfHYb9CfQgC3PoZnfSQyFLK0GLjpDmYwWJh9a89IM1B1eN4PCA9O80OFOh3:RFPcYb9EPCQnqQRjQYRN6N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msimg32.dll

Files

msimg32.dll
.dll windows x64

7891b90c290e6528525cdd954119062c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
wcsstr
wcscmp
memmove
memcpy
strlen
strcpy
wcsncpy
wcslen
wcscat
malloc
free

kernel32

HeapCreate
HeapDestroy
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
VirtualProtect
OpenEventW
CreateFileMappingW
MapViewOfFile
WaitForSingleObject
SetEvent
CreateProcessW
CloseHandle
GetSystemDirectoryW
UnregisterWait
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
TlsGetValue
HeapAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
TlsSetValue
CreateThread
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
HeapReAlloc

user32

CharLowerW

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.code
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7891b90c290e6528525cdd954119062c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Exports

Exports

Sections

.code Size: 4KB - Virtual size: 3KB

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

.code
Size: 4KB - Virtual size: 3KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B