cewmdm[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cewmdm.dll
Size

205KB
MD5

6e91f67335d57ddffe798c815444b0e3
SHA1

63ce2f989208e28f1f654c2d9093aabed37c5bb5
SHA256

32fd206772615d947765b1a564ecc55f0c73c22b4980b05205b0e97bf56c07ba
SHA512

b227cd46be27ef6238c6af733fea19c3c6812bba293a789e24620ae90c3359121fabf615b28bc413c9aa2091e354c4eba3a0aef81f8bfa4d5dc75ffb645fe206
SSDEEP

3072:ndvoGFe1N/UNDmFW5lw7nrMD1LYuPO7JXD8mdTgl5lEzXZDtz00i9bVMeL8Z:nerUNiklw7nu5YqONf4+ObSbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cewmdm.dll

Files

cewmdm.dll
.dll regsvr32 windows:6 windows x86 arch:x86

846468bbe62d5ef6b1ad88aca372659c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CEWMDM.pdb

Imports

msvcrt

??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
free
wcspbrk
_wtol
_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
_ftol2_sse
wcschr
wcsncmp
wcsrchr
_wtoi
_wcsicmp
_vsnwprintf
??_U@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
memcpy
malloc
memset

kernel32

LocalAlloc
LocalFree
CompareStringW
WideCharToMultiByte
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
CreateEventW
CloseHandle
lstrcpynW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
lstrcatW
SetFilePointer
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
WaitForSingleObject
ResetEvent
SetEvent
CreateThread
RaiseException
GetTempPathW
GetTempFileNameW
WriteFile
CreateFileW
GetProcessHeap
HeapFree
DeleteFileW
GetSystemTimeAsFileTime
GetExitCodeThread
WaitForMultipleObjects
FileTimeToSystemTime
DebugBreak
OutputDebugStringW
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
ReadFile
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
LoadLibraryExA
GetFileSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
GetEnvironmentStringsW

user32

RegisterWindowMessageA
PostMessageW
LoadIconW
GetMessageW
CharNextW
CharPrevW
PostThreadMessageW
DispatchMessageW

advapi32

RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegSetValueExA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
TraceMessage

ole32

CoInitializeEx
CLSIDFromString
PropVariantClear
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
LoadTypeLi
RegisterTypeLi
VariantInit
SysStringLen
VarUI4FromStr
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreateVector
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantCopy
VariantChangeType
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

846468bbe62d5ef6b1ad88aca372659c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 6KB - Virtual size: 6KB