ComUID.pdb
Static task
static1
Behavioral task
behavioral1
Sample
comuid.dll
Resource
win10v2004-20240508-en
General
Target
comuid.dll
Size
598KB
MD5
853b5c1b1023c41c4246d29779ec60a0
SHA1
69221b23b6febed2d3017dfa1956647a825778df
SHA256
1f4a252e91c249df1e6ea2165593dc4e4d441d7803a3edc1f8391629b20a507a
SHA512
679a81efdc7c24f5be5a5b6d0e2a11d13253fcd0891ff1fd1e5849829c5e2e54725de3c0a07dde9c51b25de5b0c6c13a956e10b8256d560321c68b78d4e0f6b2
SSDEEP
6144:S96yRxVifo0dyInVBpb7Q/76di6p6vZfZYPL/dKdZbSiNviTF2XGwYuIFFS2Pl:S4rj2GiyElviTsFIa2P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource comuid.dll
Files
comuid.dll.dll regsvr32 windows:10 windows x86 arch:x86
7ee9c262408203bb4647ef06b47bad05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc42u
msvcrt
free
??_V@YAXPAX@Z
_waccess
wcscat_s
realloc
_CxxThrowException
_local_unwind4
malloc
_purecall
_wcsicmp
_vsnwprintf
iswdigit
??1exception@@UAE@XZ
memcpy_s
_vsnprintf_s
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
wcstol
_wtol
wcstok
_wtoi
iswprint
wcstoul
wcschr
wcsrchr
_itow_s
_errno
_wsplitpath_s
_itow
_wcsdup
_ltow
wcstod
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
memmove
memcpy
memcmp
__CxxFrameHandler3
memset
ntdll
NtQueryInformationProcess
shell32
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
SHGetPathFromIDListW
ShellExecuteW
advapi32
EnumDependentServicesW
RegSetKeySecurity
RegDeleteKeyW
ChangeServiceConfigW
LsaOpenPolicy
LsaStorePrivateData
LsaClose
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetUserNameW
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
CreateWellKnownSid
InitializeAcl
AddMandatoryAce
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
MakeSelfRelativeSD
IsValidSecurityDescriptor
BuildSecurityDescriptorW
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
FreeSid
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
LsaNtStatusToWinError
OpenSCManagerW
EnumServicesStatusW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW
QueryServiceConfigW
RegConnectRegistryW
LookupAccountNameW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
RegEnumKeyW
RegQueryValueW
LogonUserW
LsaAddAccountRights
RegGetKeySecurity
kernel32
FreeLibrary
GetLastError
GetProcAddress
SetLastError
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
SizeofResource
LoadResource
FindResourceExW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapDestroy
LoadLibraryA
FormatMessageW
LocalFree
GlobalLock
GlobalUnlock
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
CloseHandle
MultiByteToWideChar
WaitForSingleObject
CreateEventW
SetEvent
WaitForMultipleObjects
GetComputerNameW
CompareStringW
GetSystemDirectoryW
GetSystemWow64DirectoryW
ResumeThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateDirectoryW
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
SetFileAttributesW
LockResource
DeleteFileW
GetLocalTime
CreateProcessW
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
OutputDebugStringW
LocalAlloc
GetAppContainerAce
GetTickCount
Sleep
MulDiv
GetCurrentProcess
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetVersionExW
gdi32
GetTextExtentPoint32W
Rectangle
CreatePen
DeleteObject
GetObjectW
GetDeviceCaps
user32
LoadStringW
MessageBoxW
GetDlgCtrlID
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
MessageBeep
GetParent
GetDC
ReleaseDC
GetSystemMenu
EnableMenuItem
GetSysColor
InvalidateRect
CopyRect
GetFocus
DrawFocusRect
UpdateWindow
SetCursor
LoadCursorW
LoadIconW
DestroyIcon
GetWindowRect
ScreenToClient
InflateRect
GetClientRect
GetSystemMetrics
CopyImage
GetDesktopWindow
LoadBitmapW
LoadImageW
SetTimer
KillTimer
DestroyMenu
GetAsyncKeyState
CreateMenu
AppendMenuW
LockWindowUpdate
SetWindowLongW
GetSubMenu
GetMenuState
MapWindowPoints
PeekMessageW
InsertMenuW
GetMenuStringW
ModifyMenuW
GetMenuItemCount
DeleteMenu
CreatePopupMenu
GetMenuItemID
GetWindowTextLengthW
SetWindowTextW
GetWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItem
GetClassNameW
GetClassInfoW
GetClassLongW
GetForegroundWindow
SetForegroundWindow
CharNextW
CharPrevW
IsWindow
PostMessageW
SendMessageW
EnableWindow
SetFocus
RegisterClipboardFormatW
GetWindowLongW
LoadMenuW
ole32
StringFromCLSID
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoGetSystemSecurityPermissions
ReleaseStgMedium
StringFromGUID2
CoCreateGuid
CoGetInterfaceAndReleaseStream
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ObjectStublessClient4
ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient3
CoMarshalInterThreadInterfaceInStream
UpdateDCOMSettings
CoGetObjectContext
oleaut32
SysFreeString
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
VariantChangeType
SysStringLen
SysAllocStringLen
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantCopy
SafeArrayCopy
SafeArrayGetLBound
SysReAllocString
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringByteLen
SysStringByteLen
rpcrt4
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
NdrDllRegisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
version
VerQueryValueW
sspicli
GetUserNameExW
Exports
CreateDCOMSecurityUIPage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 506KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ