GlobCollationHost[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

GlobCollationHost.dll
Size

190KB
MD5

f988dc4a9e80050cee7c7414c55bb696
SHA1

2b1acf5fa4fb81d56504c4549f3dc967abd9b891
SHA256

158347705035a69feb3004739211ae0a32052a7662e809573f0c7bcd5d9f8f25
SHA512

b23b38687864c546b3563a1a2fd02c18a872bc62c43dca4857c78d22cf9f2e23f22e3606831fbd8264e2b7eb7acb32137f4a6eecb9ba565328854c9e9eb449a1
SSDEEP

3072:G4GDyVHAClERdZ0j3W5nDzh2cERhxBRhxBRhxBR6Kaq6Kaq6Kaq6D:rSPi3WDzh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GlobCollationHost.dll

Files

GlobCollationHost.dll
.dll windows:10 windows x86 arch:x86

dff403142d67de72daf135b762fede57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

globcollationhost.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_except_handler4_common

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
CompareStringEx

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
LCMapStringEx

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc

api-ms-win-core-normalization-l1-1-0

NormalizeString

Exports

Exports

WGCGetCharacterGroupDisplayName
WGCGetDefaultGroupingLetters
WGCGetGroupingLetter

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dff403142d67de72daf135b762fede57

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-normalization-l1-1-0

Exports

Exports

Sections

.text Size: 142KB - Virtual size: 141KB

.data Size: 512B - Virtual size: 916B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 142KB - Virtual size: 141KB

.data
Size: 512B - Virtual size: 916B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 43KB