cemapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cemapi.dll
Size

198KB
MD5

75eb4a998c120ebdc9d672e8ff999f1b
SHA1

34d1b1fc85630d45e4cc0a559bac65b21d48b605
SHA256

e45c46c9fe2e6784716e3affd54e62c69c46b841125e950954588515de8c6b20
SHA512

5f21a07557e8a7fab38564e919525f11e33dbdfa5ba330f8a4dee0c22af7db3d405b16533acbe356d2e6d2494d51a3cf3fc0ddbcec637b6f5383bf1f15ae0f58
SSDEEP

6144:cRdsUcchu0fGwaTaeYdPocgB9MMmzhd30sZm:cT0AI8iBBmNJRZm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cemapi.dll

Files

cemapi.dll
.dll windows:10 windows x86 arch:x86

3dcd7c33afd7c9edf3ee3ed0eab98d28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cemapi.pdb

Imports

msvcrt

wcscspn
_errno
_amsg_exit
_XcptFilter
_vsnwprintf_s
_purecall
_vsnwprintf
_lock
_unlock
_callnewh
iswspace
__dllonexit
_wcsicmp
_onexit
_except_handler4_common
realloc
__CxxFrameHandler3
memcpy
strrchr
strcpy_s
_stricmp
iswdigit
_wcsnicmp
free
malloc
wcsncpy_s
memcpy_s
_initterm
memcmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
SizeofResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

StartAndWaitForService

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateMAPITableWalker
CreateMAPITableWalkerEx
FlushMailStore
FreeProws
GetEntryIDType
GetMAPIStorePropTags
GetMsgClassEnum
GetMsgClassEnumFromMsg
GetMsgStoreFromMessage
GetNamedPropTag
HrGetOneProp
HrSetOneProp
InitializeServiceProps
IsMessageClassDeviceGenerated
IsMessageClassReadRequest
IsMessageClassSPlusV2
MAPIAllocateBuffer
MAPIAllocateBuffer_dbg
MAPIAllocateMore
MAPIAllocateMore_dbg
MAPIDeleteMessageById
MAPIDupString
MAPIFreeBuffer
MAPIGetContext
MAPIInitialize
MAPILogonEx
MAPIUninitialize
MAPI_CompareEntryIDs
MAPI_GetStoreByName
ReadMailVolumeNameEx
SetConversationId
TranslateSPlusV1MessageClassToV2
USOIDfromCEENTRYID
USOIDtoCEENTRYID

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dcd7c33afd7c9edf3ee3ed0eab98d28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-profile-l1-1-0

userdataplatformhelperutil

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 167KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 167KB - Virtual size: 167KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 7KB