PhotoMetadataHandler[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

PhotoMetadataHandler.dll
Size

394KB
MD5

978fe10cf1ec6018963fce8ce7e11385
SHA1

f6f03cac97420de68edf6193a89d18e480875251
SHA256

2e468715051a6e1f990ad0c272d13976a2da57ac973a53b8eec38ed62c8cd3c7
SHA512

d0111267a906d38c4a2080df45112185ffbb18fe6477c9b8ee250f843926080a1b411219caf58c9ca2f2f1e3e4bfe408bf9aa8a657f7d76ab01af2a224d5660a
SSDEEP

6144:9r2oAMn0yf6rNqfjIVINyyT2IBL5+0IrLhHeVJhQj/6I1J0js:9r27+xB80IJCJhQ/bG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PhotoMetadataHandler.dll

Files

PhotoMetadataHandler.dll
.dll regsvr32 windows:10 windows x86 arch:x86

20c2b1cace529e9638a4bfba019790d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PhotoMetadataHandler.pdb

Imports

msvcrt

calloc
wcsrchr
_vsnwprintf
wcscat_s
wcscpy_s
memcpy_s
free
_wtof
memmove_s
wcsstr
_wcstoi64
iswspace
wcschr
strtol
wcsncpy_s
_wtol
wcstok
strtoul
_wcsicmp
_vscwprintf
vswprintf_s
_XcptFilter
_amsg_exit
wcstod
sscanf_s
swscanf_s
_initterm
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CxxFrameHandler3
_errno
realloc
_lock
_unlock
__dllonexit
_purecall
_onexit
towupper
malloc
_CxxThrowException
_ftol2
_ftol2_sse
floor
memcmp
memcpy
memset

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockExclusive
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

rpcrt4

CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemRealloc
CoGetMalloc
CLSIDFromString
PropVariantClear
PropVariantCopy
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExA
FreeLibrary
GetModuleFileNameW
FindResourceExW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadResource
SizeofResource
LockResource

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l1-1-0

DeleteFileW
GetTempFileNameW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
HeapSize
HeapReAlloc
GetProcessHeap

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

propsys

PropVariantChangeType
PropVariantCompareEx
PropVariantGetElementCount
InitPropVariantFromStringVector
InitPropVariantFromStringAsVector

windowscodecs

WICConvertBitmapSource

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode
SHUnicodeToAnsi

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20c2b1cace529e9638a4bfba019790d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

propsys

windowscodecs

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 361KB - Virtual size: 361KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 361KB - Virtual size: 361KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 17KB