SearchFolder[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SearchFolder.dll
Size

317KB
MD5

1bfbb884c340440fef5c07e7f5332a18
SHA1

2df16e3dd25edb9aae6ce7230aea54297ddfb958
SHA256

b4dfd9b39390b886c11c25dfab4c579481073a5ae09f3722c5fd4f5478291511
SHA512

658ef41b2f72fd4c332c9227335d1bc66c03a7a73dec41e74b17d4ed1430f979a26cf95947029049ea889726e3139aa7cb8aa58d67b196ac270d1eaa7d7b783e
SSDEEP

3072:nEvCUueY3xf4cbyuGgFCID+iKp0/5ioPYvZu6fWsEcDi1UQRG/gQmGUkBOqRNJJz:Mexf3euGziKfPdgTOJwgBSRapf5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchFolder.dll

Files

SearchFolder.dll
.dll regsvr32 windows:10 windows x86 arch:x86

2ae9b9cfcce12cc412bc8594897ce3a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SearchFolder.pdb

Imports

msvcrt

_wtoi
_onexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcschr
__CxxFrameHandler3
memset
_ftol2_sse
_except_handler4_common
memcmp
memcpy
__dllonexit
memmove
memmove_s
_get_errno
_set_errno
memcpy_s
_vsnwprintf

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
SHStrDupA

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode
SHUnicodeToAnsi

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_SetSite
IUnknown_Set

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Size
IStream_Read
SHCreateStreamOnFileEx
IStream_Write
SHCreateMemStream

api-ms-win-shcore-registry-l1-1-0

SHQueryValueExW
SHRegGetValueW

shcore

ord200
ord143
ord193
ord130
ord123
ord190
ord142
ord150

shell32

SHCreateShellItemArrayFromIDLists
ord895
ord824
ord51
SHEvaluateSystemCommandTemplate
SHGetNameFromIDList
SHGetKnownFolderIDList
SHGetKnownFolderItem
ord21
SHParseDisplayName
SHCreateShellItemArrayFromShellItem
ord880
SHCreateItemWithParent
ord152
SHBindToParent
ord256
SHCreateDefaultContextMenu
AssocCreateForClasses
ord702
ord898
SHChangeNotify
SHBindToFolderIDListParent
ord171
ord75
SHGetSpecialFolderLocation
ord866
ord6
SHCreateItemFromParsingName
ord16
ord155
ord18
ord19
ord25
ord100
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHCreateItemFromIDList
ord102
SHBindToObject
ord850
ord823
ord17
SHBindToFolderIDListParentEx
SHGetKnownFolderPath
Shell_GetCachedImageIndexW
ord241

shlwapi

UrlIsW
UrlCompareW
StrStrA
ord156
PathParseIconLocationW
UrlHashW
ord15
PathFileExistsW
ord29
ord331
PathMatchSpecW
StrRChrW
ord172
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsRootW
ord152
PathCreateFromUrlW
StrDupW
ord24
StrCmpW
StrStrNIW
StrToIntA
UrlEscapeW
ord456
ord154
ord219
ord158
ord157
PathIsUNCW
StrStrIW
ord2
PathSkipRootW
PathIsURLW
PathFindNextComponentW
PathCompactPathExW
PathRemoveExtensionW
PathFindFileNameW
ord388
ord164
UrlGetPartW
ord236
StrPBrkW
StrCmpNIW
PathMatchSpecExW
PathGetArgsW
PathRemoveArgsW
PathQuoteSpacesW
StrCmpIW
PathRemoveBlanksW
PathFindExtensionW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
LoadStringA
LockResource
LoadResource
FindResourceExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
CreateMutexW
ReleaseSRWLockExclusive
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
EnterCriticalSection
AcquireSRWLockExclusive
CreateSemaphoreExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoCreateInstance
GetHGlobalFromStream
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
PropVariantCopy
CoGetMalloc
CoCreateFreeThreadedMarshaler
StringFromGUID2

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
GetSystemPreferredUILanguages
FormatMessageW
GetSystemDefaultLCID
FindNLSString
LCMapStringEx
LCMapStringW
IsDBCSLeadByteEx
IsDBCSLeadByte
LocaleNameToLCID
FindNLSStringEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
CompareStringW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
GetVersionExW

ntdll

EtwEventEnabled
EtwEventWrite
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventActivityIdControl

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock
GlobalSize

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
GetCursorPos
GetWindowRect

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrlenW
lstrlenA
lstrcmpiW
lstrcmpW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveFileSpec
PathCchAppend

api-ms-win-winrt-search-folder-l1-1-0

GetGatherAdmin
CreateSingleVisibleInList
GetScopeFolderType
SEARCH_WriteAutoListContents
SHCreateScopeItemFromShellItem
SEARCH_RemoteLocationsCscStateCache_IsRemoteLocationInCsc
SHCreateAutoListWithID
IsMSSearchEnabled
SHCreateScopeFromIDListsEx
SHCreateScopeItemFromKnownFolder
SHCreateScopeItemFromIDList
SHCreateTransientVFolderIDList
SHCreateScopeFromShellItemArray
SHCreateSearchIDListFromAutoList
SHCreateScope
SHCreateAutoList
CreateDefaultProviderResolver
CreateResultSetFactory

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-localization-ansi-l1-1-0

GetStringTypeExA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppendHiddenSearchContext
CDBFolderUI_CreateInstance
CSearchDelegateFolderUI_CreateInstance
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetAggregateQueryError
s_GetStartMenuFilesScope

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ae9b9cfcce12cc412bc8594897ce3a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shcore-registry-l1-1-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-shcore-registry-l1-1-0

shcore

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-winrt-search-folder-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-localization-ansi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 270KB - Virtual size: 269KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 420B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 270KB - Virtual size: 269KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 420B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 16KB