fms[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fms.dll
Size

164KB
MD5

f2ea17c6a3e6c1f914420aaaacb51da0
SHA1

41c301519e39275b8a3b2b71ab83a4e206cab05e
SHA256

8b62014736b933a0f66789c2c6a8e0d71c360dee9307383834efecf471283b23
SHA512

6f5940d630e608d90584e0c3fbd5b65bf3111558531028fe9a149754f0ab118815081391d472c436aa99731f2ad9b34658db20e873f2a7e711cd5433d5fbb65b
SSDEEP

3072:IV+hBZoKdiGb5P62oR5U1F/HS1lpzj5OOv/Vzmx1pj7e4t/dB1mQ8bSXXq4:UcldiGdPDX1tHENQQ4t/dLcb86

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fms.dll

Files

fms.dll
.dll windows:10 windows x86 arch:x86

326f59a188d802f63f695d23355dde68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fms.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
realloc
_initterm
swprintf_s
wcscat_s
_wtoi
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
wcsncpy_s
_except_handler4_common
memcmp
_onexit
_purecall
wcsstr
wcschr
wcsncmp
malloc
_wcsnicmp
free
wcscpy_s
wcsnlen
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
memcpy_s
_vsnwprintf
__CxxFrameHandler3
memset

kernel32

DelayLoadFailureHook
IsDebuggerPresent
ResolveDelayLoadedAPI
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
DisableThreadLibraryCalls
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
WaitForMultipleObjects
CompareStringOrdinal
WaitForSingleObject
ReleaseMutex
LCIDToLocaleName
GetLastError
CloseHandle
CreateMutexExW
CloseThreadpoolWork
GetThreadPreferredUILanguages
WaitForThreadpoolWorkCallbacks
CallbackMayRunLong
CreateEventW
GetThreadUILanguage
SetEvent
SubmitThreadpoolWork
LocaleNameToLCID
CreateThreadpoolWork
InitOnceBeginInitialize
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
ReleaseSRWLockExclusive
OutputDebugStringW
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
GetCurrentProcessId
GetTickCount
GetLocaleInfoEx
FileTimeToSystemTime
SystemTimeToFileTime
GetACP
ExpandEnvironmentStringsW
MulDiv
EnumSystemLocalesEx
LCMapStringW
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
SetFilePointerEx
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegNotifyChangeKeyValue
EventActivityIdControl
RegCloseKey
EventSetInformation
RegEnumValueW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegSetKeyValueW
RegOpenKeyExW

user32

ReleaseDC
LoadStringW
SendNotifyMessageW
GetKeyboardLayoutList
GetDC

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

gdi32

GetDeviceCaps
SetGraphicsMode
EnumFontFamiliesExW
TranslateCharsetInfo
GetFontRealizationInfo
GetFontData
GetTextMetricsW
GetFontFileInfo
SelectObject
CreateFontIndirectW
DeleteObject

bcp47langs

IsTransientLcid

Exports

Exports

FmsActivateFonts
FmsAddFilter
FmsDeactivateFonts
FmsFreeEnumerator
FmsGetBestMatchInFamily
FmsGetCurrentFilter
FmsGetDirectWriteLogFont
FmsGetFilteredFontList
FmsGetFilteredPropertyList
FmsGetFontAutoActivationMode
FmsGetFontProperty
FmsGetGDILogFont
FmsGetGdiLogicalFont
FmsInitializeEnumerator
FmsMapGdiLogicalFont
FmsMapLogicalFont
FmsResetEnumerator
FmsResetFontsActivationState
FmsSetDefaultFilter
FmsSetFilter
FmsSetFontAutoActivationMode
FmsSetTextFilter
FmsToggleOnDesignAxis

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

326f59a188d802f63f695d23355dde68

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

shlwapi

gdi32

bcp47langs

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 148KB - Virtual size: 148KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 5KB