cscui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cscui.dll
Size

409KB
MD5

3ec541c196de18ed9a0d0ac82a694d4c
SHA1

3bf62c47ece1d51278cd98a64a415dd43b6f6465
SHA256

51bcbddff113a02ef85e09be6b2727edb505ebfe355a8e163a7f4c82ebfbbcc4
SHA512

98c5338f79f50fbd759329f5aab23231b861649fe2164ff18834ba8a4fbf9d58b7af8908518f3755be69f6c348ef887168429d0683c0d53339c8e824e4ebc25e
SSDEEP

6144:wtB2/IQymqWUYmeNvNsX7VGhitOz28Dg4fNJrvynzVK:2+3qencVGgsM4f25

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cscui.dll

Files

cscui.dll
.dll regsvr32 windows:6 windows x86 arch:x86

eea31e2ba665831a0d72a95a60ee5568

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cscui.pdb

Imports

msvcrt

??2@YAPAXI@Z
??1type_info@@UAE@XZ
_amsg_exit
_initterm
free
malloc
memmove
floor
_ftol2_sse
_ftol2
_CIsqrt
memcpy
_vsnwprintf
memset
??3@YAXPAX@Z
_XcptFilter
_except_handler4_common

ntdll

EtwEventWrite
EtwEventRegister
EtwEventUnregister
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage
RtlFreeUnicodeString
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlInitUnicodeString
RtlNtStatusToDosError
RtlpEnsureBufferSize
RtlAppendPathElement
RtlpApplyLengthFunction
RtlGetLengthWithoutTrailingPathSeperators
WinSqmAddToStream
EtwEventEnabled

user32

CharNextW
SetForegroundWindow
CharUpperW
GetWindowTextW
MsgWaitForMultipleObjects
SystemParametersInfoW
EndDialog
GetWindowRect
MapWindowPoints
SetWindowPos
ShowWindow
LoadCursorW
SetCursor
CreatePopupMenu
DestroyMenu
GetMenuItemCount
InsertMenuW
InsertMenuItemW
CharLowerW
GetWindowLongW
GetDoubleClickTime
GetDlgItem
GetClientRect
GetWindowDC
SetWindowTextW
ReleaseDC
LoadImageW
CheckDlgButton
EnableWindow
DestroyIcon
SetWindowLongW
IsDlgButtonChecked
GetParent
SendMessageW
SetDlgItemTextW
PostMessageW
LoadStringW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
RegisterClipboardFormatW
FindWindowW
SetPropW
SetProcessDPIAware
RemovePropW
SetMenuItemInfoW
GetMenuStringW
LoadStringA
DialogBoxParamW
GetMenuItemInfoW
DeleteMenu
GetMenuItemID

rpcrt4

NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate

propsys

PropVariantToString
PSGetPropertyFromPropertyStorage
InitVariantFromFileTime
PSCreateMemoryPropertyStore
PSGetNameFromPropertyKey
PropVariantToStringAlloc
PSFormatForDisplay
VariantToPropVariant
VariantCompare
PropVariantToVariant

shell32

ord152
ord256
SHBindToFolderIDListParentEx
ord19
ord18
ord241
SHCreateShellItemArrayFromDataObject
ord102
SHGetFileInfoW
ord28
ord165
SHGetDesktopFolder
SHBindToParent
SHCreateItemFromParsingName
ord681
SHChangeNotify
ord16
SHCreateDefaultContextMenu
SHCreateDataObject
AssocCreateForClasses
SHCreateDefaultExtractIcon
SHGetKnownFolderIDList
ord162
SHParseDisplayName
ord155
ord704
SHBindToFolderIDListParent
SHBindToObject
ord190
ShellExecuteExW
ord680

shlwapi

ord158
ord157
ord217
ord476
StrRetToBufW
AssocQueryStringW
PathParseIconLocationW
SHStrDupW
PathCompactPathExW
PathFindFileNameW
PathCombineW
PathIsContentTypeW
SHDeleteKeyW
PathIsUNCServerW
PathIsUNCServerShareW
ord388
PathFindExtensionW
ord615
PathAddBackslashW
ord174
ord199
StrChrW
ord16
StrStrW
ord540
PathCompactPathW
PathRemoveBackslashW
PathIsUNCW
ord437
ord219
StrDupW
ord215
StrToIntA
StrToIntW

cscdll

ord41
ord10
ord45
ord44
ord60
ord42

kernel32

GetDriveTypeW
ExpandEnvironmentStringsW
GlobalUnlock
FormatMessageW
TlsFree
TlsAlloc
LoadLibraryW
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GlobalLock
Sleep
InterlockedExchange
lstrcmpiW
GetLocaleInfoW
GetNumberFormatW
GetComputerNameW
GetCurrentThreadId
ResetEvent
InitializeCriticalSection
SetEvent
GetCurrentProcess
DuplicateHandle
CreateEventW
DeleteCriticalSection
FindFirstFileW
FindNextFileW
FindClose
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetTickCount
CreateWaitableTimerW
SetWaitableTimer
lstrcmpW
GetLocalTime
SystemTimeToFileTime
CompareFileTime
HeapFree
HeapReAlloc
CompareStringA
CompareStringW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetProcessHeap
InterlockedDecrement
DisableThreadLibraryCalls
CloseHandle
InterlockedIncrement
lstrlenW
SetLastError
LocalAlloc
LocalFree
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetProcAddress
DelayLoadFailureHook
GetFileAttributesW
GetSystemPowerStatus
GetSystemTimeAsFileTime
WaitForSingleObject
ReleaseMutex
QueryPerformanceCounter
CreateMutexW

Exports

Exports

CPlApplet
CSCOptions_RunDLL
CSCOptions_RunDLLA
CSCOptions_RunDLLW
CSCUIInitialize
CSCUIOptionsPropertySheet
CSCUIRemoveFolderFromCache
CSCUISetState
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eea31e2ba665831a0d72a95a60ee5568

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

rpcrt4

propsys

shell32

shlwapi

cscdll

kernel32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 212KB

.orpc Size: 512B - Virtual size: 269B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 173KB - Virtual size: 172KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 213KB - Virtual size: 212KB

.orpc
Size: 512B - Virtual size: 269B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 173KB - Virtual size: 172KB

.reloc
Size: 13KB - Virtual size: 13KB