MrmIndexer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MrmIndexer.dll
Size

658KB
MD5

711fc64eedb12fb7befb0b0b921b8a03
SHA1

dc7ca2c51a62fb9fec14f5a9a6d8f6630a589236
SHA256

8f00f1d3c3338fe68b7cef3b2d39b310c5c2e9fbe7962309c62cbf7ab67d8d9d
SHA512

9f1366b37879eba05052ed897431c5c2e4593eb9994089193f336acb37896eb1b1b7cd94e4f765a16c5c16f80748ef911a8b67e364f3710f7a440d267546f14f
SSDEEP

12288:5+R3xn0SMlZplVUP/yyEbqZIW0w33qt79GNpDIlo+wHFcl5sfebjZyvr4SBB+:QR3x0TZplVkXEOZIW0Sm9GnIlo+sF6s6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MrmIndexer.dll

Files

MrmIndexer.dll
.dll windows:10 windows x86 arch:x86

6da2ac2ba1af08e7f4168f7ae0c9930a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MrmIndexer.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
_lock
_unlock
_CxxThrowException
towlower
_wtoi
wcscpy_s
_vscwprintf_l
vswprintf_s
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
wcschr
wcsnlen
wcsncmp
__dllonexit
fclose
_errno
iswdigit
toupper
fgetwc
?terminate@@YAXXZ
wcscspn
strcspn
localeconv
memchr
sprintf_s
_fileno
fread
_filelengthi64
_wtof
isalpha
isxdigit
strtol
isdigit
wcsrchr
wprintf
towupper
iswalnum
iswspace
qsort_s
_ui64tow_s
wcsncpy_s
bsearch
wcstoul
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
__mb_cur_max
__crtLCMapStringW
__crtGetStringTypeW
abort
__uncaught_exception
??1type_info@@UAE@XZ
_except_handler4_common
_wcsicmp
??0exception@@QAE@ABQBD@Z
memmove
_wcsnicmp
_callnewh
?what@exception@@UBEPBDXZ
malloc
free
realloc
_purecall
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
memmove_s
__CxxFrameHandler3
_wfopen
wcsstr
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
_onexit
vwprintf_s
wprintf_s
_ftol2
_ftol2_sse
memcmp
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateMutexExW
EnterCriticalSection
InitializeCriticalSection
SetEvent
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseMutex
InitializeSRWLock
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoMarshalInterface
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

bcp47mrm

GetDistanceOfClosestLanguageInList
IsValidUnIsoRegionTag
GetParentCompositeRegionCode
FormatLanguageTag
CompareBcp47Tags
GetClosenessOfUnIsoRegionTags
GetCompositeRegionCode
IsValidTag
IsWellFormedTag

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-security-base-l1-1-0

FreeSid
AddAccessAllowedAceEx
GetLengthSid
EqualSid
AllocateAndInitializeSid
GetAce
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventProviderEnabled
EventUnregister
EventSetInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

SysAllocStringByteLen
VariantInit
SysStringLen
VariantClear
SysFreeString
SysAllocString
VariantChangeType
VariantChangeTypeEx
SysStringByteLen

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRelativePathToW
PathFileExistsW
PathIsRelativeW
PathRemoveBackslashW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFullPathNameW
CreateFileW
DeleteFileW
FlushFileBuffers
ReadFile
WriteFile
GetFinalPathNameByHandleW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
CompareFileTime
CreateDirectoryW
FindClose
GetFileSizeEx

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegCreateKeyExW
RegSetValueExW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6da2ac2ba1af08e7f4168f7ae0c9930a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

bcp47mrm

api-ms-win-core-url-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

oleaut32

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-timezone-l1-1-0

rpcrt4

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 608KB - Virtual size: 607KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 608KB - Virtual size: 607KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 33KB