cmlua[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

cmlua.dll
Size

34KB
MD5

982150ae441158cd3226e4bff758f320
SHA1

536f60da7db4eb0ee19863405be59a10f73913a4
SHA256

84d354b08008323dadce6a62746db4d08ed09670a2a69636e452eeb87c0c8289
SHA512

92c517f7ba4fecf1cb68e092f8ac6f63d8721d186d5195701deb7a1a6029fee4e54b54a026fec618937f376f302029309f42fc77fe0c5d1741b594f4dec344fd
SSDEEP

384:Q3Oq518hQpkEqBl8494q8LgrQiI6Nfuym1T8BjZW+drNKIOqrpqr8X/8rAtWgYWI:Q1518WFi9NJfuRyBV0qFqwUinqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmlua.dll

Files

cmlua.dll
.dll windows:10 windows x86 arch:x86

3a0a431dab919a456d2102d837d6d274

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cmlua.pdb

Imports

msvcrt

malloc
_initterm
_except_handler4_common
?terminate@@YAXXZ
free
memcmp
_vsnwprintf
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_vsnprintf
memset

cmutil

CmStrrchrW
WzToSzWithAlloc
CmMalloc
CmFree

advapi32

LookupPrivilegeValueW
InitiateSystemShutdownW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
FreeSid
CheckTokenMembership
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW

kernel32

CloseHandle
GetCurrentDirectoryW
CreateFileW
SetCurrentDirectoryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
GetLastError
GetCurrentThreadId
DisableThreadLibraryCalls
FormatMessageW
LocalFree
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
lstrlenW
LoadLibraryExA
lstrlenA
FindClose
WaitForSingleObject

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetStockIconInfo

user32

MessageBoxW
CharNextW
CharPrevW
DestroyIcon
SendMessageW

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release

ole32

ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient19
ObjectStublessClient11
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient4
StringFromGUID2
CoGetObject
ObjectStublessClient6
ObjectStublessClient12
ObjectStublessClient14

Exports

Exports

DllAddRef
DllCanUnloadNow
DllGetClassObject
DllMain
DllRelease
_GetCoCreateInstanceAsAdminHandle
_RemoveShieldIcon
_SetShieldButton
_SetShieldIcon
_ThrowErrorBox

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a0a431dab919a456d2102d837d6d274

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

cmutil

advapi32

kernel32

shell32

user32

rpcrt4

ole32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 916B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 916B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB