dispex[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dispex.dll
Size

16KB
MD5

4cecd3a5e56fb68de94353640e7153f7
SHA1

dc371ad6b4fb277839147261a6fa0216b526a516
SHA256

213cb898ea5865650e400f99724594ecb2fd8733dfad44425fd8137b965f2a93
SHA512

d4660219704bc5183f712902e114708b236ac4ed4f78b03f43a50c07dcd31396efff430d2a965b40841ca1b51031d63de1e95f575469492be51d752e0735770a
SSDEEP

384:8BVfuIX/OlnJBY+6c/nI+xWymOMG2r5FZyWSUuIWW:8PmzEu9GdTZow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dispex.dll

Files

dispex.dll
.dll regsvr32 windows:10 windows x86 arch:x86

8e5107ce82dd40bea7220d6011da89e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dispex.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
_initterm
free
_callnewh
_except_handler4_common
malloc
memcmp

oleaut32

VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserMarshal
BSTR_UserFree
VARIANT_UserSize
BSTR_UserSize

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
NdrOleAllocate
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrDllRegisterProxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrClientCall4
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrStubCall2
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
NdrProxyForwardingFunction4
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction5
ObjectStublessClient3
ObjectStublessClient6
ObjectStublessClient8
CStdStubBuffer2_CountRefs
ObjectStublessClient9
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient10
ObjectStublessClient12
CStdStubBuffer2_Connect
ObjectStublessClient4
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction3
NdrProxyForwardingFunction6

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e5107ce82dd40bea7220d6011da89e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 864B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 1024B - Virtual size: 884B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 864B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 1024B - Virtual size: 884B