docprop[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

docprop.dll
Size

36KB
MD5

70832b7253093e9896b49f276beba63b
SHA1

27f86d39cea4af1c8cf545b911e68d2f9b4c46cd
SHA256

ec920267b9c4ec8b410ac16f6e6255f89b0c49c5607a787d21e25604bb9a5961
SHA512

1ef783eb1503de8979e2f6afa4895a1205cd5e417b6535dd683a34694186c35aac377f0730220f2577a21baefec9d2503c9aebc703608cf1bfe1007fcad0fd1c
SSDEEP

768:jqwvncAd/QV17FePN80laW1CWmAJzfU3LSCR3:jlbd/QVVFh0laWpmKQbhR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
docprop.dll

Files

docprop.dll
.dll windows:6 windows x86 arch:x86

b9d841e359968d79b3fadcf705fdf39e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

docprop.pdb

Imports

msvcrt

iswctype
_errno
_vsnwprintf
memset
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
wcstol

kernel32

GetModuleFileNameW
DeactivateActCtx
GetProcAddress
LoadLibraryW
GetCalendarInfoW
LocalFree
LocalAlloc
lstrlenW
LocalFileTimeToFileTime
SystemTimeToFileTime
CompareStringW
GetLocaleInfoW
GetDateFormatW
FileTimeToSystemTime
ActivateActCtx
GetACP
lstrcmpiW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalAlloc
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReleaseActCtx
CreateActCtxW
FileTimeToLocalFileTime
TerminateProcess

gdi32

DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush

user32

SendMessageW
LoadIconW
GetSystemMetrics
GetClientRect
EnableWindow
ShowWindow
GetParent
IsCharAlphaW
SetFocus
GetSysColor
PostMessageW
IsWindowEnabled
GetDlgItem
SetWindowLongW
GetWindowLongW
GetFocus
LoadStringW
MessageBoxW
IsCharAlphaNumericW
SendDlgItemMessageW

shlwapi

ord388
PathFindFileNameW

shell32

DragQueryFileW

ole32

StgOpenStorageEx
CoTaskMemFree
FreePropVariantArray
PropVariantClear
CoTaskMemAlloc
PropVariantCopy
CoUninitialize
CoInitialize
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9d841e359968d79b3fadcf705fdf39e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

shlwapi

shell32

ole32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB