pmls64[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pmls64.dll
Size

925KB
MD5

6e6be26227f44e6dc5242b3196c9a3eb
SHA1

38f9b74cb7c880631f36707ab0cdce0ceef402e4
SHA256

565bf1d00bbbbebae9b03a09fe8f29636035e0612c0c5446333dd6d3142300f6
SHA512

d3f5bd6d0ddda5c9a816bc91a2e6f8c5c0b9e6a01d05aeb064031e914c68096b3ce5b1359374434e64f4205fcd36170924628f89c6954d0b69f01f845034f76b
SSDEEP

12288:BPhXWf1W3mWXyoClCF4l3kIEDMZ/9rulonWrnjwxgo:9hGtW3tXyoClCql3kIEO/cqnVp

Score

1^/10

Malware Config

Signatures

Files

pmls64.dll
.dll windows:5 windows x64 arch:x64

f825e56301e7081807d8c1acace60411

Code Sign

99:cc:bc:de:82:47:c0:86:78:0a:05:9a:17:4f:1f:e0
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/04/2021, 00:00

Not After

04/04/2024, 23:59

Subject

CN=VOICEFIVE\, INC.,O=VOICEFIVE\, INC.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:e4:ce:30:95:ed:9e:b1:7d:ab:06:bd:e0:e7:3b:6e:3a:e3:c0:7f
Signer

Actual PE Digest

ff:e4:ce:30:95:ed:9e:b1:7d:ab:06:bd:e0:e7:3b:6e:3a:e3:c0:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\src\master\Client\OSMIMHK\x64\SmallStandalone\osmimhk64.pdb

Imports

ws2_32

socket
WSAIoctl
getsockname
WSAGetLastError
WSAAddressToStringA
htons
WSAStringToAddressA
freeaddrinfo
ntohl
inet_ntoa
send
gethostbyname
getsockopt
getpeername
ntohs
connect
getaddrinfo
recv

oleacc

ObjectFromLresult
AccessibleObjectFromPoint

wininet

RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
GetUrlCacheEntryInfoA
UnlockUrlCacheEntryStream

psapi

GetProcessImageFileNameA
GetModuleFileNameExA
EnumProcessModules

kernel32

GetSystemTime
SetLastError
GetFileType
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
SetEvent
WaitForSingleObject
FindClose
FindFirstFileA
GetCommandLineA
CreateProcessA
CreateMutexA
ResetEvent
CreateEventA
WaitForMultipleObjects
OpenProcess
OpenEventA
GetWindowsDirectoryA
GetCurrentDirectoryW
DuplicateHandle
ReadProcessMemory
GetBinaryTypeA
GlobalAlloc
QueryPerformanceCounter
GetModuleHandleExA
SetFilePointer
ReleaseMutex
OpenMutexA
GetVersionExA
WriteFile
CreateFileA
VirtualQueryEx
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
ResumeThread
GetCurrentThreadId
GetModuleHandleExW
VirtualProtect
VirtualQuery
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
SuspendThread
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
ProcessIdToSessionId
GlobalFree
InitializeCriticalSection
GetBinaryTypeW
GetWindowsDirectoryW
LoadLibraryA
FreeLibrary
SystemTimeToFileTime
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
QueueUserWorkItem
GetTickCount
lstrlenA
GetLastError
MultiByteToWideChar
GetCurrentProcessId
CloseHandle
GetModuleHandleA
GetProcAddress
CreateFileW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetCurrentThread
GetModuleFileNameA
lstrlenW
GetCurrentProcess
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
QueryPerformanceFrequency
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
ReadFile
HeapDestroy
HeapCreate
HeapSetInformation
ExitProcess
FormatMessageA
LoadLibraryExA
GetModuleFileNameW
GetSystemInfo
HeapFree
GetModuleHandleW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
FlsFree
FlsGetValue
GetLocaleInfoW
GetStdHandle
CompareStringW
GetCPInfo
LCMapStringW
FlsSetValue
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
TlsAlloc
CreateSemaphoreA
ReleaseSemaphore
LocalAlloc
LocalFree
GetVersion
HeapAlloc
GetProcessHeap
SetThreadStackGuarantee

user32

GetTopWindow
GetAncestor
GetWindowThreadProcessId
SendMessageA
IsWindow
GetForegroundWindow
GetCursorPos
IsWindowVisible
GetWindow
FindWindowExA
GetWindowTextA
GetClassNameA
GetParent
LoadStringA
PostThreadMessageA
SendMessageTimeoutA
EnumChildWindows
CallNextHookEx
GetDesktopWindow
RegisterWindowMessageA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
EnumWindows

advapi32

RegDeleteKeyA
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
CheckTokenMembership
FreeSid
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
InitializeAcl
SetSecurityInfo
GetTokenInformation
RegEnumKeyExA

ole32

CoCreateFreeThreadedMarshaler
CoInitialize
CoInitializeEx
CoUninitialize
CoUnmarshalInterface
CoCreateInstance
CreateStreamOnHGlobal
CoMarshalInterface

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString
SysAllocStringLen
DispGetParam
SysStringLen
VariantChangeType

rpcrt4

UuidCompare
UuidCreate

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetExtendedTcpTable

Exports

Exports

?Mine_PR_Read@@YAHPEAUPRFileDesc@@PEAXH@Z
?Mine_PR_Write@@YAHPEAUPRFileDesc@@PEBXH@Z
AddProxyInfo
CheckCapability
ClearProcID
ClearSessionInfo
ConfigBrowsers
ConfigLSP
CreateSessionInfo
GetMsgHookProc
GetServiceProviderInfo
IsCSLOAConfigured
IsLSPConfigured
MsgHookProc
ProcessCSProxyData
Register
RemoveProxyInfo
RunProcWithDll
SetAutoRestartProc
SetForegroundURL
ShellHookProc
StartShellEvent
UnconfigBrowsers
UnconfigLSP
UnlockShellEvent
UpdateProcess

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f825e56301e7081807d8c1acace60411

Code Sign

99:cc:bc:de:82:47:c0:86:78:0a:05:9a:17:4f:1f:e0Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ff:e4:ce:30:95:ed:9e:b1:7d:ab:06:bd:e0:e7:3b:6e:3a:e3:c0:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

oleacc

wininet

psapi

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

version

iphlpapi

Exports

Exports

Sections

.text Size: 639KB - Virtual size: 638KB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 18KB - Virtual size: 37KB

.pdata Size: 29KB - Virtual size: 29KB

Shared Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

99:cc:bc:de:82:47:c0:86:78:0a:05:9a:17:4f:1f:e0
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ff:e4:ce:30:95:ed:9e:b1:7d:ab:06:bd:e0:e7:3b:6e:3a:e3:c0:7f
Signer

.text
Size: 639KB - Virtual size: 638KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 18KB - Virtual size: 37KB

.pdata
Size: 29KB - Virtual size: 29KB

Shared
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB