comsvcs[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

comsvcs.dll
Size

1.2MB
MD5

93de30fa0fa2e0bd31d099cc7fdd2460
SHA1

60e9b14afeff2ec5aa4659a7026ea856dc14d663
SHA256

69755e587653293de2b386c200e8fffb4ddf15c2f1dea969b31e0babc3fd2f4d
SHA512

454c41e594702ae34f2d16bf0b3edd0f32ab961a7408cbf15901c5fc2513a4c0ac54cc14eb2e465bb550defefc64248226732c46b38f4fb19a24f25e85ff17e7
SSDEEP

24576:B59LyLPKQsIoc05tk/ZivlyB90sYXeZ2h9RTyBrRpkI1r:BGji/ZtEZivsB90WBrRp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comsvcs.dll

Files

comsvcs.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c89e46d3038ee2c5f2e804802ce7e7c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comsvcs.pdb

Imports

msvcrt

memcpy_s
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
mbstowcs
wcstombs
wcsrchr
_wcsdup
_vsnwprintf
wcschr
_wcsicmp
_wtoi
_local_unwind4
memcpy
realloc
free
malloc
_ultow
wcscpy_s
_CIexp
_wstrdate
_wstrtime
_waccess
time
memset
__CxxFrameHandler3
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
wcsstr
_ftol2
_CIsqrt
_beginthreadex
__doserrno
iswalpha
_wcsupr
memmove
_vsnprintf
iswdigit
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
wcstok
_ftol2_sse

ntdll

WinSqmSetDWORD
EtwTraceMessage
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtQuerySystemInformation
RtlLargeIntegerDivide
RtlExtendedLargeIntegerDivide
ShipAssertMsgA
EtwNotificationUnregister
EtwNotificationRegister
EtwLogTraceEvent
RtlNtStatusToDosError
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlDelete
RtlSplay
RtlDllShutdownInProgress
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlReportException
NtQueryInformationProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetLongPathNameW
CreateFileW
GetDiskFreeSpaceExW
GetFileAttributesW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
WriteFile
SetFilePointer
GetVolumeInformationW
GetFileAttributesExW
GetDriveTypeW
CompareFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-interlocked-l1-1-0

InterlockedDecrement
InterlockedCompareExchange64
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedCompareExchange

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

SizeofResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadStringW
FreeLibrary
LoadResource
LoadLibraryExW
LoadLibraryExA
FreeLibraryAndExitThread

api-ms-win-core-localregistry-l1-1-0

RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-misc-l1-1-0

lstrcmpiW
lstrcpynW
lstrlenA
Sleep
GlobalAlloc
LocalFree
LocalAlloc
GlobalFree
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsSetValue
TlsGetValue
OpenThreadToken
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetCurrentProcessId
GetThreadPriority
TerminateProcess
TlsAlloc
TlsFree
SetThreadToken
GetCurrentThreadId
ExitProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

CreateEventW
OpenProcess
SetEvent
WaitForSingleObject
ResetEvent
CreateMutexW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
GlobalMemoryStatusEx
GetTickCount
GetLocalTime
GetVersionExW

api-ms-win-core-threadpool-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
IsValidSecurityDescriptor
GetSecurityDescriptorLength
GetTokenInformation
GetAclInformation
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateSelf
FreeSid
CopySid
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
InitializeSecurityDescriptor
GetLengthSid
GetSidIdentifierAuthority
GetSidSubAuthority
AccessCheck
GetSidSubAuthorityCount

ole32

CoRevertToSelf
CreateBindCtx
CoGetClassObject
CoGetInterceptor
CoImpersonateClient
MkParseDisplayName
MonikerRelativePathTo
MonikerCommonPrefixWith
CreateAntiMoniker
CreateGenericComposite
CoReleaseMarshalData
CoGetObject
CoRetireServer
CoUnmarshalInterface
CoGetDefaultContext
CoGetProcessIdentifier
SetErrorInfo
CreateErrorInfo
GetErrorInfo
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction9
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction12
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient15
ObjectStublessClient16
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient21
ObjectStublessClient22
ObjectStublessClient23
NdrProxyForwardingFunction3
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient3
ObjectStublessClient4
ObjectStublessClient5
GetHGlobalFromStream
ReadClassStm
CoCreateInstanceEx
CoSetProxyBlanket
IIDFromString
CoDisconnectObject
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoFreeUnusedLibraries
CoWaitForMultipleHandles
StringFromIID
ProgIDFromCLSID
CoGetCallContext
CoInitializeEx
CoUninitialize
CoPushServiceDomain
CoPopServiceDomain
CoGetApartmentID
CoGetCurrentLogicalThreadId
StringFromGUID2
CoGetMarshalSizeMax
CoMarshalInterface
CoCreateGuid
StringFromCLSID
CoCreateInstance
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
ObjectStublessClient6
CoReactivateObject
CoDeactivateObject

user32

GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
CloseWindowStation
SetWindowPos
SetThreadDesktop
SetTimer
MsgWaitForMultipleObjects
KillTimer
TranslateMessage
DispatchMessageW
PeekMessageW
SetDlgItemTextW
EndDialog
MapWindowPoints
OpenDesktopW
CloseDesktop
MessageBoxW
CharPrevW
CharNextW
DialogBoxParamW

oleaut32

LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
SafeArrayCreate
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
SysAllocStringLen
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
SysStringLen
VarUI4FromStr
LoadTypeLi
SysFreeString

rpcrt4

UuidCreate
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
I_RpcTurnOnEEInfoPropagation
NdrClientCall2
NdrStubForwardingFunction
NdrStubCall2
NdrOleAllocate
NdrOleFree
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrMesTypeDecode2
NdrMesTypeEncode2
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
MesHandleFree
UuidToStringA
RpcStringFreeA
UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidCreateSequential
CStdStubBuffer_QueryInterface

shlwapi

PathStripToRootW
PathStripPathW
PathRemoveFileSpecW

atl

ord32

kernel32

CreateTimerQueueTimer
lstrcpyW
lstrcatW
FindResourceW
DelayLoadFailureHook
WaitForMultipleObjects
GetComputerNameW
MoveFileW
QueueUserWorkItem
UnregisterWait
GlobalUnlock
GlobalLock
CreateSemaphoreW
ReleaseSemaphore
HeapDestroy
GetVersion
GetModuleHandleExW
DeleteTimerQueueTimer
OutputDebugStringA
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
ChangeTimerQueueTimer
GetThreadLocale
OpenEventW
RegisterWaitForSingleObject
GetTickCount64
CreateActCtxW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
FormatMessageW
LockResource
SetFileAttributesW
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
GetThreadContext
LoadLibraryW

Exports

Exports

CoCreateActivity
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetManagedExtensions
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate
SafeRef

Sections

.text
Size: 961KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 3B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c89e46d3038ee2c5f2e804802ce7e7c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-1-0

api-ms-win-security-base-l1-1-0

ole32

user32

oleaut32

rpcrt4

shlwapi

atl

kernel32

Exports

Exports

Sections

.text Size: 961KB - Virtual size: 960KB

.orpc Size: 5KB - Virtual size: 5KB

.data Size: 56KB - Virtual size: 70KB

.tls Size: - Virtual size: 3B

.rsrc Size: 133KB - Virtual size: 132KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 961KB - Virtual size: 960KB

.orpc
Size: 5KB - Virtual size: 5KB

.data
Size: 56KB - Virtual size: 70KB

.tls
Size: - Virtual size: 3B

.rsrc
Size: 133KB - Virtual size: 132KB

.reloc
Size: 56KB - Virtual size: 55KB