ComUID.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: comuid.dll
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: comuid.dll
  Resource: win10v2004-20240508-en
General
Target: comuid.dll
Size: 571KB
MD5: 40e947f18137a41d36858cdab4bfc1b3
SHA1: c7fbbdb448876174d28df35d8099241567edb221
SHA256: 585a9cbdd27f5a8dcd755605832f292d525024e2daa401887cb9c78975eb4f2b
SHA512: 8a716fe1da96103a49d4879dce6b17864a2dc6bd562f554698c86e77a541f6d28cdedb6b1c7d008802bd4f316a31a3408cb3f57fdc3cac50c6a645ebf9487dfa
SSDEEP: 12288:dgDIsVpVP8L472n2ppjCjnicOGl6osrMs51Kn2nAMO:dlCVP+4722ppgicOTNMs51K2nAb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource comuid.dll
Files
comuid.dll.dll regsvr32 windows:6 windows x86 arch:x86
e3da0ea3ab15bd16d6a5059ad5272bc6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc42u
msvcrt
memset
malloc
_wstrdate
_wstrtime
__CxxFrameHandler3
_waccess
free
realloc
memcpy
_local_unwind4
wcstod
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_wcsicmp
_vsnwprintf
_CxxThrowException
iswdigit
wcstol
_wtoi
wcstok
iswprint
wcstoul
wcsrchr
wcschr
_wsplitpath_s
_itow
memmove
_wcsdup
_wtol
_ltow
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
ntdll
NtQueryInformationProcess
shell32
SHGetMalloc
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
secur32
GetUserNameExW
advapi32
RegConnectRegistryW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorControl
RegEnumKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
GetUserNameW
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
MakeSelfRelativeSD
SetSecurityDescriptorDacl
MakeAbsoluteSD
FreeSid
IsValidSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
BuildSecurityDescriptorW
QueryServiceStatus
CloseServiceHandle
ControlService
OpenServiceW
EnumDependentServicesW
EnumServicesStatusW
OpenSCManagerW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
QueryServiceConfigW
RegQueryValueW
ChangeServiceConfigW
LsaNtStatusToWinError
LsaClose
LsaStorePrivateData
LsaOpenPolicy
LsaAddAccountRights
LookupAccountNameW
RegDeleteKeyW
RegGetKeySecurity
RegSetKeySecurity
LogonUserW
GetSecurityDescriptorControl
kernel32
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapDestroy
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrcpynW
lstrcpyW
LoadLibraryExW
lstrcatW
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryA
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
LocalAlloc
InterlockedCompareExchange
Sleep
GetTickCount
MulDiv
MultiByteToWideChar
CloseHandle
GetCurrentProcess
GetComputerNameW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
FindClose
DeleteFileW
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
GetLocalTime
ExpandEnvironmentStringsW
DebugBreak
GetThreadContext
GetCurrentThread
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
SetEvent
CreateEventW
CompareStringW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentThreadId
DelayLoadFailureHook
ExpandEnvironmentStringsA
RegQueryValueExA
RegOpenKeyExA
ResumeThread
gdi32
GetTextExtentPoint32W
CreatePen
Rectangle
DeleteObject
GetObjectW
GetDeviceCaps
user32
LoadStringW
MessageBoxW
GetDlgCtrlID
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
MessageBeep
GetParent
EnableMenuItem
GetSystemMenu
GetDC
ReleaseDC
GetSysColor
CopyRect
DrawFocusRect
UpdateWindow
InvalidateRect
GetFocus
SetCursor
LoadCursorW
LockWindowUpdate
LoadIconW
InflateRect
GetWindowRect
ScreenToClient
GetClientRect
GetSystemMetrics
CopyImage
LoadBitmapW
GetDesktopWindow
LoadImageW
SetTimer
KillTimer
AppendMenuW
CreateMenu
DestroyMenu
GetAsyncKeyState
SetFocus
DeleteMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
GetSubMenu
InsertMenuW
ModifyMenuW
LoadMenuW
MapWindowPoints
CreatePopupMenu
PeekMessageW
GetWindowTextLengthW
SetWindowTextW
GetWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetDlgItem
SetForegroundWindow
GetForegroundWindow
SetWindowPos
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
CloseWindowStation
SetDlgItemTextW
EndDialog
DialogBoxParamW
RegisterClipboardFormatW
GetWindowLongW
SetWindowLongW
EnableWindow
SendMessageW
CharPrevW
PostMessageW
IsWindow
CharNextW
DestroyIcon
ole32
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
ReleaseStgMedium
CoGetSystemSecurityPermissions
CoSetProxyBlanket
CoGetObjectContext
UpdateDCOMSettings
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemFree
StringFromCLSID
CoInitializeEx
CoUninitialize
CoCreateInstanceEx
oleaut32
SysFreeString
VariantClear
VarUI4FromStr
LoadTypeLi
SysAllocString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VariantInit
SysStringLen
SysAllocStringLen
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SysReAllocString
SafeArrayCopy
SafeArrayGetLBound
VariantCopy
VariantChangeType
rpcrt4
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
version
VerQueryValueW
Exports
CreateDCOMSecurityUIPage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 498KB - Virtual size: 498KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 51B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ