Microsoft[.]WindowsAPICodePack[.]Shell[.]dll | Triage

Sharing

General

Target

Microsoft.WindowsAPICodePack.Shell.dll
Size

510KB
MD5

2656c7d8ef959cdee531bc11a6e07861
SHA1

d7c5cd86c5f308490adf3f4fffd509fc3bbafd81
SHA256

0e7e8deeb72cfca5bc58e65d7bcc75f9562da1b968c9a32fdb12b4309da43e66
SHA512

a20bea24e116720577cd550953805007f624bc7ad555cd5778ee508ac255057c7583496f7db64a70dd70c5aaa40536b2f2692bbb010191684e3487014cebb210
SSDEEP

6144:h9DH+Fhfx3oxy9X8b9o741Xwlb2ettre8q/RLIlgfytEJLTpYcrO+R1yj:TLepJoxym11Alb3QL1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.WindowsAPICodePack.Shell.dll

Files

Microsoft.WindowsAPICodePack.Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ