CoreMessaging[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

CoreMessaging.dll
Size

615KB
MD5

fca5e859e76af31865dd2ec08fa6dcfb
SHA1

74db17615d7869254aee4a9b8cdb155313632270
SHA256

9b36f3a0a9580f3595225957a4d7e4b3dfa3a816228f0c21ec53602c213ec6ac
SHA512

0c1e94bf4cae70b9379fb92db738a1554373cc4f9d211759005e6003996578516003fe4c31a9d0ebbe0b3044124c0848a7e9af705cd5e3cadec4995d8dc735e5
SSDEEP

12288:FuZgLlYGtX554cZaUZTXZw8164Ci/5PDXsY/cEr9:FcohX554cZ/TXZwarCGrl/tr9

Score

1^/10

Malware Config

Signatures

Files

CoreMessaging.dll
.dll windows:6 windows x86 arch:x86

7fbeb77903e6f1042ea07e9dd228ffc7

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:b9:46:29:f1:2a:a5:2f:42:91:8f:c9:6e:5e:9c:73:9b:a5:63:b5:1d:83:64:8d:61:29:d8:f3:07:5d:0f:12
Signer

Actual PE Digest

31:b9:46:29:f1:2a:a5:2f:42:91:8f:c9:6e:5e:9c:73:9b:a5:63:b5:1d:83:64:8d:61:29:d8:f3:07:5d:0f:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CoreMessaging.pdb

Imports

msvcrt

_libm_sse2_sqrt_precise
_ftol2
_CxxThrowException
free
??1type_info@@UAE@XZ
__dllonexit
__CxxFrameHandler3
memcmp
malloc
??_V@YAXPAX@Z
_wcsicmp
memmove
_initterm
memchr
??3@YAXPAX@Z
_except_handler4_common
?terminate@@YAXXZ
_lock
memcpy
_unlock
_purecall
_amsg_exit
_XcptFilter
_onexit
_aligned_offset_malloc
_aligned_free
realloc
swprintf_s
wcscpy_s
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnwprintf
memcpy_s
_vsnprintf_s
memmove_s
_callnewh
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
WaitOnAddress
WakeByAddressAll

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsFree
TlsAlloc
SetThreadPriority
GetThreadPriority
CreateThread
TlsGetValue
OpenProcessToken
TerminateProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
OpenThread
GetCurrentThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
FreeLibrary
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateWaitableTimerExW
CreateSemaphoreExW
AcquireSRWLockShared
SetWaitableTimer
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
CreateMutexExW
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
ResetEvent
SetEvent
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapCreate
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
LCMapStringW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
ReadFile
WriteFile

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CreateThreadpoolWait
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

ws2_32

WSAIoctl
WSAStartup
WSACleanup
closesocket
bind
listen
setsockopt
WSASocketW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-interlocked-l1-1-0

QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualFree
VirtualProtect

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW

ntdll

NtAlpcQueryInformation
NtAlpcAcceptConnectPort
NtAlpcCreatePort
RtlInitUnicodeString
NtAlpcDisconnectPort
NtAllocateReserveObject
NtRemoveIoCompletionEx
NtSetIoCompletionEx
NtAssociateWaitCompletionPacket
NtCreateIoCompletion
NtAlpcConnectPortEx
NtAlpcImpersonateClientOfPort
RtlClearThreadWorkOnBehalfTicket
RtlSetThreadWorkOnBehalfTicket
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtClose
NtCancelWaitCompletionPacket
NtCreateWaitCompletionPacket
RtlFreeUnicodeString
RtlGetAppContainerNamedObjectPath
NtQuerySystemInformation
AlpcInitializeMessageAttribute

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Exports

Exports

CoreUICallComputeMaximumMessageSize
CoreUICallCreateConversationHost
CoreUICallCreateEndpointHost
CoreUICallCreateEndpointHostWithSendPriority
CoreUICallGetAddressOfParameterInBuffer
CoreUICallReceive
CoreUICallSend
CoreUICallSendVaList
CoreUIConfigureTestHost
CoreUIConfigureUserIntegration
CoreUICreate
CoreUICreateAnonymousStream
CoreUICreateClientWindowIDManager
CoreUICreateEx
CoreUICreateSystemWindowIDManager
CoreUIInitializeTestService
CoreUIOpenExisting
CoreUIRouteToTestRegistrar
CoreUIUninitializeTestService
CreateDispatcherQueueController
CreateDispatcherQueueForCurrentThread
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDispatcherQueueForCurrentThread
MsgBlobCreateShared
MsgBlobCreateStack
MsgBufferShare
MsgRelease
MsgStringCreateShared
MsgStringCreateStack
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fbeb77903e6f1042ea07e9dd228ffc7

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

31:b9:46:29:f1:2a:a5:2f:42:91:8f:c9:6e:5e:9c:73:9b:a5:63:b5:1d:83:64:8d:61:29:d8:f3:07:5d:0f:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

ws2_32

api-ms-win-core-io-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

ntdll

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-apiquery-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-util-l1-1-0

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 401KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 1KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 252B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 29KB - Virtual size: 28KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

31:b9:46:29:f1:2a:a5:2f:42:91:8f:c9:6e:5e:9c:73:9b:a5:63:b5:1d:83:64:8d:61:29:d8:f3:07:5d:0f:12
Signer

.text
Size: 402KB - Virtual size: 401KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 1KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 252B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 29KB - Virtual size: 28KB