cabview[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cabview.dll
Size

148KB
MD5

1056f2e60f51735935de7da1c6ce4789
SHA1

2ace37a2e8bdcd70ec47000c328ae932d93e45ce
SHA256

e960074e453144c156681354d4048aa742f0720c3c2f45d8f827e376910c072b
SHA512

47586832066a492cd5f042f4493a8a0ed930e3b94c3efc99a4fce06b633dfdbd0ddaa280e3e857abf6b6c0d066d81a062ab370495292908c9b61a1e1ec5ac59d
SSDEEP

3072:kwHxbgMEVewK9rHB7NNDnGOb+ahXNqJohealn5IuG:CM9rhhNDGOb+asE75Iu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cabview.dll

Files

cabview.dll
.dll windows:10 windows x86 arch:x86

7026907c9012f103a97971f3602b4362

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cabview.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
free
memcpy_s
_except_handler4_common
_vsnwprintf
memmove
memcpy
memset

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
AssocGetDetailsOfPropKey
ord743
ord701
ord256
ord744
ord27
ord846
ord152
SHBindToParent
ord19
SHBindToObject
SHGetPathFromIDListA
SHBrowseForFolderW
ord155
ord18

shlwapi

StrRetToBufW
PathSkipRootW
AssocCreate
PathFindExtensionW
PathAppendW
ord158
ord619
SHStrDupW
PathIsUNCW
ord199
ord172
ord186
PathFindFileNameW
PathCombineW
PathAddBackslashA
ord216
PathFindFileNameA
ord217
ord215
ord219

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FindResourceExW
LoadResource
LockResource
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockExclusive

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
GlobalAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetTempFileNameW
CreateFileW
GetShortPathNameW
GetFileSizeEx

api-ms-win-core-file-l1-2-0

GetTempPathW

oleaut32

VariantClear
SysAllocString
VariantInit

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

DosDateTimeToFileTime
DeactivateActCtx
ActivateActCtx
_llseek
_lread
_lwrite
ReleaseActCtx
_lclose
CreateActCtxW
lstrlenA
lstrcmpiW
lstrlenW

ole32

OleSetClipboard

propsys

VariantToPropVariant
PSFormatForDisplay
InitVariantFromFileTime
InitVariantFromStrRet
VariantCompare

user32

LoadCursorW
SendMessageW
RegisterClipboardFormatW
MessageBoxW
DestroyMenu
SetCursor
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
LoadMenuW
GetSubMenu
RemoveMenu
CreatePopupMenu
InsertMenuItemW
SetMenuDefaultItem
InsertMenuW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Uninstall

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7026907c9012f103a97971f3602b4362

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-profile-l1-1-0

kernel32

ole32

propsys

user32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 2KB - Virtual size: 2KB