winmm[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winmm.dll
Size

905KB
MD5

b1dd3db8c61b927a7bde3d22fc78f80b
SHA1

62fe6fd653623ed8dab882c032254f275b38a67b
SHA256

85b19db110023865cc106685f0f15bfbb53a896ea8f01474a81b75fdd4cb3e12
SHA512

130b545285d93ac9078a8606620a0b1189789f54ae74974de92f01df5644c2f65def9900ef3b280bdd10ecd54f717c91d45f33e731251621ba0f1db29bfa0a3a
SSDEEP

12288:h1jIUWlYgbM7YtQdWgU6sD+j9tX7WodvOXcXZ/CWno8B:7IUWGgbM7RsG99TdYYZ/r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winmm.dll

Files

winmm.dll
.dll windows:6 windows x64

f25d4cb6ef5f56c646c98bcfe470ecef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
SetThreadAffinityMask
GetSystemFirmwareTable
GetStartupInfoW
GetCPInfoExW
SetSystemTimeAdjustment
ReadFile
GetProcessWorkingSetSizeEx
InitializeSRWLock
EnumLanguageGroupLocalesW
SizeofResource
GetCommConfig
QueryDosDeviceW
RemoveDirectoryTransactedW
SetFileIoOverlappedRange
SetConsoleHistoryInfo
GetProcessWorkingSetSize
SetInformationJobObject
GetLogicalDrives
GetThreadPriorityBoost
CancelIo
WriteProfileStringW
LocalLock
QueryThreadpoolStackInformation
GetNamedPipeServerSessionId
QueryInformationJobObject
SetNamedPipeHandleState
GetCurrentProcessorNumberEx
StartThreadpoolIo
SetThreadLocale
CompareFileTime
InitOnceBeginInitialize
GlobalHandle
FindFirstFileW
GetFileSizeEx
CreateThreadpool
IsBadWritePtr
WritePrivateProfileStringW
NeedCurrentDirectoryForExePathW
LoadModule
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
GetConsoleScreenBufferInfo
SetConsoleDisplayMode
CallNamedPipeW
CreateSemaphoreExW
SetPriorityClass
SetDefaultDllDirectories
CreateEventExW
SetConsoleTextAttribute
FindFirstFileNameW
AddDllDirectory
RtlCaptureContext
SetLocalTime
EnterCriticalSection
GetHandleInformation
SetConsoleActiveScreenBuffer
QueryProtectedPolicy
SetSystemPowerState
GetFullPathNameW
GetStdHandle
SetProcessAffinityMask
GetThreadErrorMode
CreateWaitableTimerW
GetProcessDEPPolicy
EnumCalendarInfoW
ReleaseSemaphore
EnumResourceTypesW
GetCPInfo
WriteFile
GetThreadIdealProcessorEx
RemoveDllDirectory
ExpandEnvironmentStringsW
UnregisterWait
SetConsoleMode
GetConsoleCursorInfo
SetCurrentConsoleFontEx
GetTimeFormatEx
GetPrivateProfileIntW
RtlPcToFileHeader
SetFileBandwidthReservation
DeviceIoControl
VirtualAlloc
GetNumberOfConsoleMouseButtons
WaitForDebugEvent
RemoveDirectoryW
GetProfileIntW
GetFinalPathNameByHandleW
GetProcessAffinityMask
PrefetchVirtualMemory
WakeAllConditionVariable
HeapLock
GetProcessIdOfThread
DisassociateCurrentThreadFromCallback
SetFileTime
GetUserDefaultLangID
GetModuleFileNameW
OpenPrivateNamespaceW
WakeConditionVariable
FindFirstStreamTransactedW
ReOpenFile
PurgeComm
CreateNamedPipeW
GetSystemTimes
WaitForMultipleObjects
RequestWakeupLatency
GetConsoleCP
SetEnvironmentVariableW
SetProcessShutdownParameters
GetThreadSelectorEntry
GetGeoInfoW
AddScopedPolicyIDAce
SetThreadUILanguage
GetLocaleInfoEx
SetConsoleWindowInfo
GetNumaProcessorNodeEx
Wow64SetThreadContext
CheckTokenCapability
LocalHandle
VirtualUnlock
DeleteTimerQueueEx
GetProductInfo
GetConsoleFontSize
SetSystemFileCacheSize
LockFile
GetThreadPreferredUILanguages
DeleteAtom
GetProcessVersion
GetNamedPipeClientProcessId
GetDynamicTimeZoneInformation
CreatePipe
Wow64GetThreadContext
SetSystemTime
SetErrorMode
LeaveCriticalSectionWhenCallbackReturns
SetFilePointer
InitOnceInitialize
GetQueuedCompletionStatus
GetCompressedFileSizeW
GetFileMUIPath
GetNumaProcessorNode
GetConsoleTitleW
OpenFileById
SetEndOfFile
GetSystemPowerStatus
WaitForThreadpoolIoCallbacks
FatalExit
EnumCalendarInfoExW
GetTempPathW
GetWriteWatch
CreateMutexW
OpenFile
InitializeCriticalSectionEx
GetPrivateProfileSectionW
WaitForThreadpoolTimerCallbacks
WaitForMultipleObjectsEx
SystemTimeToTzSpecificLocalTimeEx
GetConsoleScreenBufferInfoEx
GetLocaleInfoW
IsNLSDefinedString
GetVolumePathNameW
GetCommMask
CreateFileW
GetNumberFormatEx
FreeLibraryAndExitThread
UnregisterBadMemoryNotification
GetFileAttributesTransactedW
MapViewOfFileExNuma
DebugActiveProcessStop
OpenEventW
EnumSystemCodePagesW
GetThreadDescription
ReleaseMutex
UnregisterApplicationRecoveryCallback
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
GetCommTimeouts
SetThreadpoolThreadMinimum
SetupComm
IsSystemResumeAutomatic
GetComputerNameExW
IsBadCodePtr
CallbackMayRunLong
GlobalDeleteAtom
ContinueDebugEvent
MapUserPhysicalPages
GlobalGetAtomNameW
GetApplicationRecoveryCallback
UnmapViewOfFile
HeapValidate
IsProcessInJob
GetSystemDefaultLangID
GetACP
PrepareTape
OpenProcess
GetVersion
SetProcessMitigationPolicy
CloseThreadpoolCleanupGroup
EndUpdateResourceW
RemoveSecureMemoryCacheCallback
ConvertThreadToFiberEx
MultiByteToWideChar
GetPrivateProfileStringW
SetVolumeLabelW
GetConsoleMode
GetFileInformationByHandle
WritePrivateProfileStructW
GetDurationFormat
LocalFileTimeToFileTime
ReadThreadProfilingData
GetDevicePowerState
GetTickCount64
BuildCommDCBW
VerifyScripts
SetCalendarInfoW
Wow64RevertWow64FsRedirection
GetLargestConsoleWindowSize
GetCurrencyFormatEx
WaitForThreadpoolWaitCallbacks
EnumSystemLocalesEx
SetUserGeoID
ChangeTimerQueueTimer
EscapeCommFunction
GetConsoleAliasesLengthW
TzSpecificLocalTimeToSystemTime
SetConsoleCursorInfo
GetLogicalProcessorInformationEx
GetMaximumProcessorGroupCount
ConvertDefaultLocale
WaitCommEvent
SleepConditionVariableCS
SetThreadpoolTimerEx
GlobalSize
CreateFileA
GetLogicalProcessorInformation
FileTimeToSystemTime
GetNamedPipeHandleStateW
GetSystemFileCacheSize
OfferVirtualMemory
GetMailslotInfo
ReadConsoleOutputW
TerminateThread
EnumDateFormatsExEx
GetApplicationRestartSettings
GetTapeParameters
WaitForSingleObjectEx
SetWaitableTimerEx
CreateThreadpoolWait
DefineDosDeviceW
ClearCommBreak
GetFullPathNameTransactedW
GetCommState
GlobalAlloc
OpenSemaphoreW
InterlockedPushListSListEx
GetSystemDEPPolicy
HeapReAlloc
CloseHandle
SetProcessPreferredUILanguages
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
ReleaseMutexWhenCallbackReturns
FindNLSStringEx
GetSystemInfo
CreateSymbolicLinkTransactedW
GetProcessHeaps
WriteProfileSectionW
SetProcessWorkingSetSizeEx
CreateThreadpoolTimer
FindResourceExW
ResetEvent
ScrollConsoleScreenBufferW
SetComputerNameW
GetActiveProcessorCount
FindResourceW
EnumDateFormatsExW
HeapAlloc
Wow64SuspendThread
ClearCommError
FileTimeToLocalFileTime
DeleteSynchronizationBarrier
GetConsoleOriginalTitleW
GetUserGeoID
GetMemoryErrorHandlingCapabilities
GetCurrentDirectoryW
SetStdHandle
UpdateResourceW
GetCurrentConsoleFontEx
HeapCompact
SwitchToThread
VirtualProtectEx
AddSIDToBoundaryDescriptor
SetFirmwareEnvironmentVariableW
LocalSize
UnlockFile
GetDurationFormatEx
ReadDirectoryChangesW
SetCurrentDirectoryW
GetWindowsDirectoryW
SetThreadPriorityBoost
VirtualLock
Beep
GetProcAddress
GlobalLock
VirtualAllocEx
CreateMutexExW
UnregisterWaitEx
DebugActiveProcess
HeapQueryInformation
GetTimeFormatW
MoveFileExW
GetOverlappedResultEx
ReplaceFileW
AcquireSRWLockShared
ExitProcess
VerSetConditionMask
ReadProcessMemory
GetComputerNameW
SetProtectedPolicy
FindVolumeClose
DisableThreadProfiling
SetConsoleCP
UnhandledExceptionFilter
CopyFile2
EnumSystemLocalesW
GetProcessHeap
CreateProcessW
IsValidLocale
FreeLibrary
SetFirmwareEnvironmentVariableExW
CopyFileW
FlushInstructionCache
GetNumaProximityNode
WideCharToMultiByte
CreateSymbolicLinkW
SetCommBreak
GetVolumePathNamesForVolumeNameW
WinExec
SleepConditionVariableSRW
RemoveVectoredContinueHandler
LocaleNameToLCID
GetThreadTimes
BeginUpdateResourceW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
LocalReAlloc
CreateProcessA
ConvertFiberToThread
GetSystemTimeAsFileTime
GetFileType
DeleteTimerQueueTimer
LocalFlags
EnumSystemFirmwareTables
SetFileApisToANSI
GetSystemTime
Wow64GetThreadSelectorEntry
GetThreadGroupAffinity
VirtualFreeEx
CopyFileExW
CreateWaitableTimerExW
DebugBreak
DosDateTimeToFileTime
SetThreadContext
lstrcmpiW
BackupSeek
GetProcessGroupAffinity
GetSystemRegistryQuota
HeapUnlock
GetDateFormatW
InitializeSListHead
GetSystemPreferredUILanguages
FreeLibraryWhenCallbackReturns
FindNextStreamW
WaitNamedPipeW
CreateFiberEx
FlsFree
SetCommState
SetCommConfig
SetTapePosition
lstrcmpW
GetDllDirectoryW
GetProcessHandleCount
MulDiv
InitializeSynchronizationBarrier
GetFirmwareEnvironmentVariableW
MoveFileW
VirtualQuery
RegisterApplicationRestart
IsWow64Process
CreateFiber
GetVolumeInformationByHandleW
GetProcessTimes
InterlockedPopEntrySList
OpenThread
AddIntegrityLabelToBoundaryDescriptor
LoadLibraryExW
DebugBreakProcess
IsDebuggerPresent
ConnectNamedPipe
VirtualQueryEx
QueryDepthSList
CheckRemoteDebuggerPresent
ReadConsoleOutputAttribute
SetFileCompletionNotificationModes
WriteConsoleOutputCharacterW
CreateTimerQueue
IsBadStringPtrW
FlushFileBuffers
GetExitCodeProcess
FileTimeToDosDateTime
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetUserDefaultLCID
LCMapStringW
HeapFree
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
InterlockedFlushSList
RtlUnwindEx
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
FillConsoleOutputCharacterW
AreFileApisANSI
RtlUnwind

user32

IsIconic
GetAncestor
SwapMouseButton
DialogBoxParamW
DdeFreeStringHandle
GetProcessWindowStation
SetProcessDPIAware
GetAltTabInfoW
AllowSetForegroundWindow
InsertMenuItemW
SetLastErrorEx
DeregisterShellHookWindow
GetGuiResources
UnionRect
ScreenToClient
WaitForInputIdle
UnregisterClassW
ArrangeIconicWindows
SetClassLongPtrW
PrivateExtractIconsW
GetScrollPos
LookupIconIdFromDirectory
SetTimer
GetCursorInfo
GetMenuDefaultItem
DefDlgProcW
ExitWindowsEx
OemKeyScan
SetCoalescableTimer
ValidateRect
GetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
RegisterHotKey
GetSysColor
DdeQueryConvInfo
SetProcessWindowStation
UnhookWindowsHookEx
EnumWindows
CreateAcceleratorTableW
LoadBitmapW
SetLayeredWindowAttributes
IntersectRect
IsCharAlphaNumericW
TranslateMessage
GetClassNameW
SetClipboardData
GetUserObjectInformationW
PrintWindow
FlashWindowEx
DrawCaption
CreateDialogIndirectParamW

ole32

OleUninitialize
CoWaitForMultipleHandles
OleRun
CreateDataAdviseHolder
CoFileTimeToDosDateTime
OleSetMenuDescriptor
CoCreateGuid

crypt32

CryptStringToBinaryA

Exports

Exports

Ioaifqeuioadgaduasuj
Rpopoafjiaegjaoegodja
timeGetTime

Sections

.code
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f25d4cb6ef5f56c646c98bcfe470ecef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

crypt32

Exports

Exports

Sections

.code Size: 460KB - Virtual size: 459KB

.data Size: 318KB - Virtual size: 324KB

.pdata Size: 29KB - Virtual size: 28KB

_RDATA Size: 1024B - Virtual size: 244B

.ndata Size: 93KB - Virtual size: 92KB

.reloc Size: 3KB - Virtual size: 2KB

.code
Size: 460KB - Virtual size: 459KB

.data
Size: 318KB - Virtual size: 324KB

.pdata
Size: 29KB - Virtual size: 28KB

_RDATA
Size: 1024B - Virtual size: 244B

.ndata
Size: 93KB - Virtual size: 92KB

.reloc
Size: 3KB - Virtual size: 2KB