MsSpellCheckingFacility[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MsSpellCheckingFacility.exe
Size

652KB
MD5

282091d681ab6afd9fbc59df900f9861
SHA1

874ce22e1c50df36f14aa71de91e584dc6fecbe5
SHA256

b4970257b2524d65897b588e3850ad4e1ac2cf76d06350182f5f6c2df88ab6a4
SHA512

7f557fe355a35a5aa05abf4e216557d66a2b5b3d605a3048c1f8e64af8c21b9aa800fdb45c9712c3367adbc0d3aa0ad4dbb6412c367eafd3023c64eaad9076a5
SSDEEP

12288:ILUatY+lKGSCksuVcfJrPahbM6LbbwY79bqHcrPJTkz09OVnLYOrzUIJRHU2oEtk:OUqGnCks6sYhbTjPx+HcrPJTkz09OVnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MsSpellCheckingFacility.exe

Files

MsSpellCheckingFacility.exe
.exe windows:6 windows x86

516c8afbdaed2929b39897fe1f954182

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
UnregisterClassA

msvcrt

_controlfp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
_isctype
towupper
iswspace
toupper
iswctype
tolower
??3@YAXPAX@Z
??_V@YAXPAX@Z
_vsnwprintf
wcsncpy_s
free
wcscpy_s
wcscat_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
abort
??8type_info@@QBEHABV0@@Z
wcschr
towlower
bsearch
_wtoi
wcsrchr
swscanf_s
strerror
__uncaught_exception
__crtLCMapStringW
__crtCompareStringW
___mb_cur_max_func
___lc_codepage_func
__pctype_func
___lc_collate_cp_func
___lc_handle_func
_errno
memcpy
__CxxFrameHandler3
setlocale
_CxxThrowException
_callnewh
_resetstkoflw
malloc
calloc
memset
realloc
strchr
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
memmove_s
??0exception@@QAE@XZ
memmove
??0exception@@QAE@ABV0@@Z
_purecall
memcpy_s
_wfopen_s
fclose
fseek
ftell
fread
wcsncmp
wcstombs_s
wcscspn
iswalpha
iswupper
iswlower
wcsstr
iswdigit
iswxdigit
?what@exception@@UBEPBDXZ
_ftol2_sse

kernel32

FlushFileBuffers
SetFilePointer
LoadLibraryExA
GetSystemInfo
LocalAlloc
VirtualQuery
FindResourceW
LockResource
GetFileSize
FindResourceExW
LoadResource
SizeofResource
FreeLibrary
GetSystemWindowsDirectoryW
GetUserPreferredUILanguages
DeleteTimerQueueTimer
CreateTimerQueueTimer
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetLastError
NormalizeString
LCMapStringW
FoldStringW
VirtualProtect
GetCurrentProcessId
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
DecodePointer
EncodePointer
GetStringTypeW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
CloseHandle
GetModuleHandleW
GetProcAddress
LocalFree
ReleaseMutex
CreateMutexW
WaitForSingleObject
CreateEventW
OpenProcess
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExW
RaiseException
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetEvent
GetCommandLineW
Sleep
CreateThread
CompareStringOrdinal
GetCurrentThread
GetCurrentProcess
GetVersionExW
ReadFile
CreateFileW
SleepEx
FindClose
CreateFileMappingW
GetFileSizeEx
CreateDirectoryW
FindFirstFileExW
FindNextFileW
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileTime
SetFilePointerEx
LockFile
WriteFile
SetEndOfFile
UnlockFile
MoveFileW
GetSystemTime
SystemTimeToFileTime
SetFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
InitOnceExecuteOnce
WaitForMultipleObjectsEx
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

advapi32

OpenProcessToken
RegEnumValueW
RegNotifyChangeKeyValue
GetTokenInformation
OpenThreadToken
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
EventWrite
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
EventRegister
EventUnregister
ConvertSidToStringSidW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteTreeW

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VariantInit
VariantCopy
VariantClear
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
RegisterTypeLi

ole32

CoDisableCallCancellation
CoCancelCall
CoEnableCallCancellation
CoGetMalloc
CoTaskMemAlloc
CoRevertToSelf
CoImpersonateClient
CoTaskMemFree
CLSIDFromString
CoSuspendClassObjects
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
CoTaskMemRealloc

shell32

SHGetKnownFolderPath
ord47

shlwapi

PathFileExistsW
PathFindNextComponentW
PathIsDirectoryW
PathIsPrefixW
PathAppendW
PathStripPathW
PathIsNetworkPathW
PathCombineW

rpcrt4

UuidCreateSequential

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

516c8afbdaed2929b39897fe1f954182

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

kernel32

advapi32

oleaut32

ole32

shell32

shlwapi

rpcrt4

Sections

.text Size: 595KB - Virtual size: 595KB

.data Size: 8KB - Virtual size: 10KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 595KB - Virtual size: 595KB

.data
Size: 8KB - Virtual size: 10KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 28KB - Virtual size: 28KB