ExplorerBlurMica[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ExplorerBlurMica.dll
Size

417KB
MD5

b10d1151419c25e1e7f62faf643026a2
SHA1

84e59bb0033efe90432f35d3b0acb25e85611648
SHA256

f0fb61e3abd19eee67ba486045da823a62f6b7e99ff4c51375bc280246fa49a5
SHA512

b7e969ea6dbed4336eb3f45d89757e52218890a59b1846ff257f6038b0b060412517ee01fdc5ff652d8e65bb30ef7e5bb969da480c73b535500cae6dbd3ddc50
SSDEEP

6144:uiBBEKJJO6gKmLLEKIQph0lhSMXlBXBWn/h7BahqlQVP9:p7xtA1ph0lhSMXli578qA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ExplorerBlurMica.dll

Files

ExplorerBlurMica.dll
.dll regsvr32 windows:6 windows x64 arch:x64

312e174bd93a7ab02d67d2a2482e82e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapDestroy
GetThreadContext
GetThreadId
SetThreadContext
OpenThread
GetModuleFileNameA
IsBadStringPtrA
UnmapViewOfFile
CreateFileA
CreateFileMappingFromApp
MapViewOfFileFromApp
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
GetPrivateProfileStringW
OutputDebugStringW
K32GetModuleInformation
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetExitCodeThread
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
CloseHandle
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLastError
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
Thread32First
CreateMutexW
Thread32Next
HeapFree
HeapCreate
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
FlushInstructionCache
GetModuleHandleA
SetLastError
VirtualProtect
GetCurrentProcessId
K32GetModuleBaseNameW
MultiByteToWideChar
GetCurrentProcess
CreateFileW
GetFileSizeEx
GetModuleHandleW
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
InterlockedPushEntrySList
GetProcessHeap
FormatMessageW
LoadLibraryExW
GetProcAddress
GetAtomNameW
SleepConditionVariableSRW
CompareStringOrdinal
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RaiseException
RtlUnwindEx
UnhandledExceptionFilter

user32

EnumChildWindows
EndPaint
BeginPaint
FillRect
RedrawWindow
GetWindowRect
EnumWindows
GetClassNameW
RegisterWindowMessageW
PostMessageW
GetWindow
DefWindowProcW
FindWindowExW
SetWindowPos
SendMessageW
OffsetRect
IsRectEmpty
SetLayeredWindowAttributes
IsZoomed
DrawTextW
GetDC
CopyImage
WindowFromDC
GetAncestor
ReleaseDC
GetKeyState
IsWindow
GetWindowThreadProcessId
GetParent

gdi32

GetBkColor
GetTextCharacterExtra
CreateRectRgn
SetTextCharacterExtra
CreateDIBSection
CreateCompatibleDC
StretchDIBits
GetDCBrushColor
GetDIBits
DeleteDC
GetTextColor
DeleteObject
CreateSolidBrush
GetObjectType
GetDeviceCaps
SaveDC
SelectObject
ExcludeClipRect
RestoreDC
GetCurrentObject
IntersectClipRect
GetStockObject
GetClipBox

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

ole32

CoCreateFreeThreadedMarshaler

oleaut32

SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

comctl32

ord413
ord410
ord411
ord412

shlwapi

PathFindFileNameA
PathFileExistsW
SHDeleteKeyW

uxtheme

EndBufferedPaint
GetBufferedPaintBits
BufferedPaintSetAlpha
BeginBufferedPaint

gdiplus

GdipDrawLineI
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawRectangleI
GdiplusShutdown
GdiplusStartup
GdipAddPathArc
GdipFillPath
GdipCreateSolidFill
GdipCreatePath
GdipDeletePath
GdipSetClipPath
GdipAddPathLine
GdipResetClip
GdipDeleteBrush
GdipClosePathFigures
GdipSetSmoothingMode

dbghelp

ImageDirectoryEntryToData

ucrtbase

__C_specific_handler
_purecall
_CxxThrowException
memcpy
memmove
memset
memcmp
__current_exception
__std_exception_copy
__std_type_info_destroy_list
_CreateFrameInfo
_IsExceptionObjectToBeDestroyed
_FindAndUnlinkFrame
__processing_throw
__NLG_Dispatch2
__AdjustPointer
__FrameUnwindFilter
__DestructExceptionObject
__TypeMatch
__std_exception_destroy
_local_unwind
__current_exception_context
__NLG_Return2
__std_type_info_compare

api-ms-win-crt-math-l1-1-0

_ldclass
_ldsign
_dsign
_fdclass
_dclass
ceilf
_fdsign
lroundf

api-ms-win-crt-string-l1-1-0

iswspace
wcsncpy_s
_wcsicmp
_stricmp

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
abort
terminate
_initialize_onexit_table
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
_initterm_e
_initterm
_beginthreadex
_cexit
_crt_atexit
_execute_onexit_table
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-locale-l1-1-0

localeconv
_lock_locales
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_unlock_locales
setlocale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

312e174bd93a7ab02d67d2a2482e82e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

api-ms-win-core-winrt-string-l1-1-0

dwmapi

comctl32

shlwapi

uxtheme

gdiplus

dbghelp

ucrtbase

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 24KB - Virtual size: 29KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 24KB - Virtual size: 29KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB