MessagingDataModel2[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

MessagingDataModel2.dll
Size

636KB
MD5

57155ce4c703a07e782bee97c4db8475
SHA1

b244d57c6986020d296084a6944c7d17e54c99f9
SHA256

5ba0df3bc6189889a776c7355dcea8e1191c3114662b8190ff04ba4e95e84d03
SHA512

07d82bd4b26a28d55e30d83fb081080de6f81661a0c27be18eff4118f11e319edb98d4388a169ec1f1994f457505786e9bb0ed7258647cfcad9688e0c3c5e55b
SSDEEP

12288:dqID2/bjhyS2UgjjOwFlOfREo0emSavSixt5k3/4RJqahth37gUkVI+KJVIMX:oIq/bjhySSjOwFlO5Eo0emSavSixt5kC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MessagingDataModel2.dll

Files

MessagingDataModel2.dll
.dll windows:10 windows x86 arch:x86

93186edbd3ae64ea487f6d2846fdba71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MessagingDataModel2.pdb

Imports

msvcrt

_lock
_unlock
__dllonexit
_purecall
_except_handler4_common
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
memcmp
_wtoi
_wtoi64
_wcstoui64
memset
_callnewh
_onexit
malloc
free
wcsncmp
wcsstr
wcstok_s
wcstoul
_errno
_vsnwprintf_s
iswdigit
towlower
_wcslwr_s
_wcsicmp
wcsrchr
swscanf_s
wcschr
_vsnwprintf
memcpy_s
_wcsnicmp
memmove
_ftol2
memcpy

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
WaitForSingleObject
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionEx
Sleep
CreateEventExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysStringLen

api-ms-win-core-errorhandling-l1-1-1

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW

api-ms-win-core-com-l1-1-1

CoCreateGuid
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathGetDriveNumberW
PathSkipRootW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension
PathCchCanonicalize

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo
GetTickCount

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
GetThreadPriority

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegGetValueW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-1

RegisterWaitForSingleObject

api-ms-win-core-file-l1-2-1

DeleteFileW
CompareFileTime

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrStrIW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

xmllite

CreateXmlReader

api-ms-win-core-heap-l1-2-0

GetProcessHeap

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringW

phoneutil

GetCchTailMin
Phone_FmtText_NonDialerFormat
OneShotTimer_CreateInstance
IsNumberDialable
IsDialableChar

pimstore

FindAllMatchingContactsEx

cemapi

MAPIUninitialize
FreeProws
CreateMAPITableWalker
HrSetOneProp
MAPIAllocateBuffer
HrGetOneProp
MAPI_CompareEntryIDs
GetNamedPropTag
MAPIFreeBuffer
MAPIInitialize
MAPILogonEx

userdataplatformhelperutil

GetContentTypeFromFilePath
GetThreadIOPriority
CreateKnownFolderPath
SetThreadIOPriority
IsActiveDebugger
StartAndWaitForServiceForUser
IsCommsSystemService
GetUserTokenFromContext
GetFileExtensionFromContentType

userdatatypehelperutil

StringToBytes
BytesToDigits
CreateWrapFileNameStm
ReadStreamContent
FormatPoomIdToString
CopyStream
StreamFromStringW
CreateWrapFileStreamFromDssToken

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-localization-l1-2-1

GetGeoInfoW
GetUserGeoID
GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-security-base-l1-2-0

GetTokenInformation

rpcrt4

RpcBindingCreateW
RpcBindingBind
RpcExceptionFilter
NdrClientCall4
RpcBindingFree

Exports

Exports

?CommitAllAttachments@MessagingDeferredAttachment@@YGJPAUISmMessage@@@Z
?CommitDeferredContent@MessagingDeferredAttachment@@YGJPAUIStream@@0@Z
?DeleteMessageAndTempFiles@MessagingDeferredAttachment@@YGJPAUISmMessage@@@Z
?DeleteTempFiles@MessagingDeferredAttachment@@YGJPAUISmMessage@@@Z
?GetData@MessagingDeferredAttachment@@YGJPAUISmAttachment@@PAPAUIStream@@1@Z
?GetDeferredAttachmentFilePath@MessagingDeferredAttachment@@YGJPAUISmMessage@@KPAHPAV?$basic_string@GU?$char_traits@G@utl@@V?$allocator@G@2@@utl@@@Z
DllCanUnloadNow
DllGetClassObject
MOCloudCorrelation_CreateInstance2
MessagingAsyncDeletion_CreateInstance
Messaging_ChatTransportIdToStoreId
Messaging_FormatRecipientFromAggregate
Messaging_GetAddressType
Messaging_GetContentTypeFromFilePath
Messaging_GetFileExtensionFromContentType
Messaging_GetMediaTempFolder
Messaging_GetMediaTypeFromMimeTag
Messaging_GetMessageAttachmentText
Messaging_GetPlatformType
Messaging_GetRecipientsString
Messaging_GetSmsCharacterCount
Messaging_GetValidSimId
Messaging_HasEmbeddedModem
Messaging_IsContentSupported
Messaging_IsCustomAppProviderId
Messaging_IsDataRoamingRestrictionActive
Messaging_IsFilterProviderId
Messaging_IsMediaType
Messaging_IsMmsMessage
Messaging_IsRcsEnabled
Messaging_IsRcsMessage
Messaging_IsSIMMessage
Messaging_IsSmsMmsProviderId
Messaging_IsThreadedByRemoteConversationId
Messaging_IsVoiceRoamingRestrictionActive
Messaging_MessagingOMStartupShutdown
Messaging_MessagingOMStartupStoreScan
Messaging_ResolveRecipientEx
Messaging_RetryDownloadCloudServiceMessage
Messaging_ShowToastForRcsEndUserMessage
Messaging_ShutdownCloudServices
Messaging_ShutdownMessageMaintenance
Messaging_ShutdownNotification
Messaging_SmEntryIdToUdmObjectId
Messaging_StartCloudServiceSync
Messaging_StartCloudServices
Messaging_StartMessageMaintenance
Messaging_StartNotification
UnInitMessagingObjectModelModule

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93186edbd3ae64ea487f6d2846fdba71

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

oleaut32

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

xmllite

api-ms-win-core-heap-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

phoneutil

pimstore

cemapi

userdataplatformhelperutil

userdatatypehelperutil

ntdll

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-security-base-l1-2-0

rpcrt4

Exports

Exports

Sections

.text Size: 595KB - Virtual size: 595KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 44B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 595KB - Virtual size: 595KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 44B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 28KB