CHxReadingStringIME[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CHxReadingStringIME.dll
Size

10KB
MD5

dd6619bc9f7a25b6aa2430253a1e8e6c
SHA1

675fce3b88d7523bbf7476e77c5e6b8dd3e35684
SHA256

741c77ebbb7e5c827056eb8274b992fa4dc02e359ae47c285222e10e515bed91
SHA512

ba96927cae2b3831b5be7459fa9482f678acaabf361e55e243da3447b9f96e772fde857b834761073da6082ddac1e1f184266f92ec4a730c5c5264ba131c6857
SSDEEP

192:O3dlYWpjHEXn5pAde00jxoAsEsXpUXwVT6xt3W22sW:YvkXn5pAdN0j+AL2pUXwVy3W22sW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CHxReadingStringIME.dll

Files

CHxReadingStringIME.dll
.dll windows:6 windows x86 arch:x86

eeea4f757f6b08242ad0b537034a532d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CHxReadingStringIME.pdb

Imports

msvcrt

_amsg_exit
_except_handler4_common
_initterm
free
malloc
_XcptFilter

kernel32

LocalAlloc
LocalFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
lstrlenW
TlsFree
TlsAlloc
TlsSetValue
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

user32

GetActiveWindow
PostMessageW
GetFocus

oleaut32

SysStringLen
SysFreeString

imm32

ImmLockIMC
ImmGetContext
ImmUnlockIMC

msctf

TF_CreateThreadMgr

Exports

Exports

GetReadingString
ShowReadingWindow

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ