CoreMessaging[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CoreMessaging.dll
Size

616KB
MD5

49648fc319d0f5b7893319fe17077ea0
SHA1

87e02865d0305547bb39e1cb6b9ba85b3438dc60
SHA256

5af1c4937c333f05b67566051120695dc1292b72ce9cc0fa50ec8da8db0dfab5
SHA512

17859d7dd4d4a3d69bd138951289835a68bebc12bd690b38243ab9469ddc42375ca4fd4e24e0248134423bb6473197c6a47171b15f9bb864f6c1ae67c4012b32
SSDEEP

12288:DAQDU6gsd617CaAJLH30foENJVK6kM9d0YfPLT50tian:3QA617ab0foEhK8nNfTFGim

Score

1^/10

Malware Config

Signatures

Files

CoreMessaging.dll
.dll windows:6 windows x86 arch:x86

7fbeb77903e6f1042ea07e9dd228ffc7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:0d:62:55:cd:19:90:5a:dc:62:0c:23:27:cd:a4:45:f2:e5:44:62:8a:8d:77:23:f2:ac:a3:f5:68:bc:7a:a0
Signer

Actual PE Digest

c0:0d:62:55:cd:19:90:5a:dc:62:0c:23:27:cd:a4:45:f2:e5:44:62:8a:8d:77:23:f2:ac:a3:f5:68:bc:7a:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CoreMessaging.pdb

Imports

msvcrt

_libm_sse2_sqrt_precise
_ftol2
_CxxThrowException
free
??1type_info@@UAE@XZ
__dllonexit
__CxxFrameHandler3
memcmp
malloc
??_V@YAXPAX@Z
_wcsicmp
memmove
_initterm
memchr
??3@YAXPAX@Z
_except_handler4_common
?terminate@@YAXXZ
_lock
memcpy
_unlock
_purecall
_amsg_exit
_XcptFilter
_onexit
_aligned_offset_malloc
_aligned_free
realloc
swprintf_s
wcscpy_s
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnwprintf
memcpy_s
_vsnprintf_s
memmove_s
_callnewh
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
WaitOnAddress
WakeByAddressAll

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsFree
TlsAlloc
SetThreadPriority
GetThreadPriority
CreateThread
TlsGetValue
OpenProcessToken
TerminateProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
OpenThread
GetCurrentThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleW
GetProcAddress
LoadLibraryExA
FreeLibrary
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateWaitableTimerExW
CreateSemaphoreExW
AcquireSRWLockShared
SetWaitableTimer
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
CreateMutexExW
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
ResetEvent
SetEvent
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapCreate
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
LCMapStringW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
ReadFile
WriteFile

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CreateThreadpoolWait
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

ws2_32

WSAIoctl
WSAStartup
WSACleanup
closesocket
bind
listen
setsockopt
WSASocketW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-interlocked-l1-1-0

QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualFree
VirtualProtect

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW

ntdll

NtAlpcQueryInformation
NtAlpcAcceptConnectPort
NtAlpcCreatePort
RtlInitUnicodeString
NtAlpcDisconnectPort
NtAllocateReserveObject
NtRemoveIoCompletionEx
NtSetIoCompletionEx
NtAssociateWaitCompletionPacket
NtCreateIoCompletion
NtAlpcConnectPortEx
NtAlpcImpersonateClientOfPort
RtlClearThreadWorkOnBehalfTicket
RtlSetThreadWorkOnBehalfTicket
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtClose
NtCancelWaitCompletionPacket
NtCreateWaitCompletionPacket
RtlFreeUnicodeString
RtlGetAppContainerNamedObjectPath
NtQuerySystemInformation
AlpcInitializeMessageAttribute

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Exports

Exports

CoreUICallComputeMaximumMessageSize
CoreUICallCreateConversationHost
CoreUICallCreateEndpointHost
CoreUICallCreateEndpointHostWithSendPriority
CoreUICallGetAddressOfParameterInBuffer
CoreUICallReceive
CoreUICallSend
CoreUICallSendVaList
CoreUIConfigureTestHost
CoreUIConfigureUserIntegration
CoreUICreate
CoreUICreateAnonymousStream
CoreUICreateClientWindowIDManager
CoreUICreateEx
CoreUICreateSystemWindowIDManager
CoreUIInitializeTestService
CoreUIOpenExisting
CoreUIRouteToTestRegistrar
CoreUIUninitializeTestService
CreateDispatcherQueueController
CreateDispatcherQueueForCurrentThread
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDispatcherQueueForCurrentThread
MsgBlobCreateShared
MsgBlobCreateStack
MsgBufferShare
MsgRelease
MsgStringCreateShared
MsgStringCreateStack
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fbeb77903e6f1042ea07e9dd228ffc7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c0:0d:62:55:cd:19:90:5a:dc:62:0c:23:27:cd:a4:45:f2:e5:44:62:8a:8d:77:23:f2:ac:a3:f5:68:bc:7a:a0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

ws2_32

api-ms-win-core-io-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

ntdll

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-apiquery-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-util-l1-1-0

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 401KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 1KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 252B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 29KB - Virtual size: 28KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c0:0d:62:55:cd:19:90:5a:dc:62:0c:23:27:cd:a4:45:f2:e5:44:62:8a:8d:77:23:f2:ac:a3:f5:68:bc:7a:a0
Signer

.text
Size: 402KB - Virtual size: 401KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 1KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 252B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 29KB - Virtual size: 28KB