PhotoMetadataHandler[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

PhotoMetadataHandler.dll
Size

327KB
MD5

55e90147be8552e3a9d8c4c5646d03de
SHA1

785f98c6ff3bf9d16053c40b78cb6b5734dd2851
SHA256

ba1e490f41322fac2af04e4c2fbe0e3ba35b04f6b030cb91699c005615b45252
SHA512

c98f10b5e3b522fd1e8d4509d8793d986e19eb626f5ad00f8141878cd442dda3074fb04f119e5d9c294a58c116d175074950170944d8010227b3170b1734ea34
SSDEEP

6144:HGKr754uDxJCK5/ZPYZ1e83VfrhVhlE3gY7:p5YT3pLhl+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PhotoMetadataHandler.dll

Files

PhotoMetadataHandler.dll
.dll regsvr32 windows:10 windows x86 arch:x86

37ec55ec08eb9aaeaea0bf6babf989f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PhotoMetadataHandler.pdb

Imports

msvcrt

wcschr
strtol
strtoul
wcstod
iswspace
towupper
wcsstr
_wcsicmp
memmove_s
calloc
_purecall
_vscwprintf
vswprintf_s
memset
sscanf_s
swscanf_s
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
wcsrchr
_vsnwprintf
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
_wtol
_wtof
_wcstoi64
wcstok
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
_ftol2
_ftol2_sse
floor
memcmp
memcpy

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
EnterCriticalSection

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

rpcrt4

CStdStubBuffer_CountRefs
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
NdrOleAllocate
NdrOleFree
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_Connect
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow

api-ms-win-core-com-l1-1-1

CoTaskMemRealloc
StringFromGUID2
PropVariantCopy
CreateStreamOnHGlobal
CLSIDFromString
CoGetMalloc
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoCreateInstance

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
TraceEvent
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
FindResourceExW
GetModuleFileNameW
LockResource
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExA
LoadResource
FreeLibrary

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-1

GetTempPathW
GetTempFileNameW
DeleteFileW

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW

api-ms-win-core-localization-l1-2-1

GetSystemDefaultLCID

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
HeapDestroy
HeapReAlloc
GetProcessHeap
HeapSize

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

propsys

InitPropVariantFromStringVector
InitPropVariantFromStringAsVector
PropVariantCompareEx
PropVariantGetElementCount
PropVariantChangeType

windowscodecs

WICConvertBitmapSource

api-ms-win-shcore-unicodeansi-l1-1-0

SHUnicodeToAnsi
SHAnsiToUnicode

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37ec55ec08eb9aaeaea0bf6babf989f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

propsys

windowscodecs

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 298KB - Virtual size: 297KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 298KB - Virtual size: 297KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 14KB