CoreMessaging[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CoreMessaging.dll
Size

568KB
MD5

1ccbdc08de7b53c2f13eddbcfb3534e1
SHA1

f1903f0b9e813dcbf59cdf90a82ff4baf5d08653
SHA256

3b629a6a19856b6dcd2d3a7137c2b9358f13113f6b1456907b273002e75ac1bf
SHA512

b7bcf548a1bf5f55e3e6b69c5f92a36e4c2cc8e81c0e7efaeb52069462a585cb71ded2b359970e7366d021bca56ff365873e8fd1243ba2f49a08109a9fa04eb3
SSDEEP

12288:2x6sO7hWunYwdxWq4Sp3YzgENy1vJD27D:BIunrjpoz3c1gD

Score

1^/10

Malware Config

Signatures

Files

CoreMessaging.dll
.dll windows:6 windows x86 arch:x86

845dcdeaa23c4e99a8b7a00497ef1e58

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:dc:d9:b8:10:a2:7b:f8:f8:63:02:6e:b3:4a:30:e8:76:17:e9:27:88:ae:04:24:d3:7f:5c:cc:1a:1e:26:8c
Signer

Actual PE Digest

47:dc:d9:b8:10:a2:7b:f8:f8:63:02:6e:b3:4a:30:e8:76:17:e9:27:88:ae:04:24:d3:7f:5c:cc:1a:1e:26:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CoreMessaging.pdb

Imports

msvcrt

free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_aligned_offset_malloc
_aligned_free
realloc
swprintf_s
wcscpy_s
_amsg_exit
_XcptFilter
_lock
memmove
_CxxThrowException
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler4_common
?terminate@@YAXXZ
_purecall
_ftol2
_libm_sse2_sqrt_precise
memcmp
memcpy
_initterm
malloc
memchr
_wcsicmp
_callnewh
_vsnwprintf
??_V@YAXPAX@Z
memcpy_s
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memset

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeByAddressAll
InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep
WaitOnAddress

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
OpenProcessToken
TlsSetValue
TlsGetValue
GetCurrentThread
CreateThread
OpenThreadToken
GetThreadPriority
GetCurrentProcess
TerminateProcess
TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
OpenThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

CreateEventW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
LeaveCriticalSection
InitializeSRWLock
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateWaitableTimerExW
SetEvent
SetWaitableTimer

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
HeapDestroy
GetProcessHeap
HeapCreate

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle
GetHandleInformation

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW
GetLocaleInfoW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
WriteFile

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
IsThreadpoolTimerSet
CloseThreadpoolWait
SetThreadpoolWait

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

rpcrt4

RpcEpRegisterW
RpcBindingBind
RpcBindingCreateW
I_RpcExceptionFilter
RpcBindingFree
RpcServerRegisterIf3
NdrServerCall2
RpcServerInqBindings
NdrClientCall4
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
QueryDepthSList
InterlockedPopEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-security-base-l1-1-0

RevertToSelf
GetTokenInformation

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW

ntdll

NtAlpcQueryInformation
NtAlpcImpersonateClientOfPort
NtAlpcAcceptConnectPort
NtAlpcCreatePort
RtlInitUnicodeString
NtAlpcDisconnectPort
AlpcInitializeMessageAttribute
RtlClearThreadWorkOnBehalfTicket
RtlSetThreadWorkOnBehalfTicket
AlpcGetMessageAttribute
NtAlpcConnectPortEx
NtClose
NtRemoveIoCompletionEx
NtSetIoCompletionEx
NtAssociateWaitCompletionPacket
NtCreateIoCompletion
NtAllocateReserveObject
NtCancelWaitCompletionPacket
NtCreateWaitCompletionPacket
RtlFreeUnicodeString
RtlGetAppContainerNamedObjectPath
NtQuerySystemInformation
NtAlpcSendWaitReceivePort

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Exports

Exports

CoreUICallComputeMaximumMessageSize
CoreUICallCreateConversationHost
CoreUICallCreateEndpointHost
CoreUICallCreateEndpointHostWithSendPriority
CoreUICallReceive
CoreUICallSend
CoreUIConfigureTestHost
CoreUIConfigureUserIntegration
CoreUICreate
CoreUICreateAnonymousStream
CoreUICreateClientWindowIDManager
CoreUICreateEx
CoreUICreateSystemWindowIDManager
CoreUICreateWindowValidator
CoreUIFailFastOOM
CoreUIOpenExisting
CoreUIRouteToTestRegistrar
CreateDispatcherQueueController
CreateDispatcherQueueForCurrentThread
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDispatcherQueueForCurrentThread
InitializeServices
MsgBlobCreateShared
MsgBlobCreateStack
MsgBufferShare
MsgRelease
MsgStringCreateShared
MsgStringCreateStack
ServiceMain
SvchostPushServiceGlobals
UninitializeServices

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

845dcdeaa23c4e99a8b7a00497ef1e58

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

47:dc:d9:b8:10:a2:7b:f8:f8:63:02:6e:b3:4a:30:e8:76:17:e9:27:88:ae:04:24:d3:7f:5c:cc:1a:1e:26:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

rpcrt4

api-ms-win-core-interlocked-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

ntdll

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-service-core-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-util-l1-1-0

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 1KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 27KB - Virtual size: 26KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

47:dc:d9:b8:10:a2:7b:f8:f8:63:02:6e:b3:4a:30:e8:76:17:e9:27:88:ae:04:24:d3:7f:5c:cc:1a:1e:26:8c
Signer

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 1KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 27KB - Virtual size: 26KB