PhotoMetadataHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PhotoMetadataHandler.dll
Size

328KB
MD5

fb2eb7bd978257d1a0c87d32651d90bd
SHA1

8259e505261cd999f5aa665592fd8c9c4818f7d3
SHA256

7b67a5b7e785977fc19adb169da5e0198daec58b4a60919d734c418e7ae70731
SHA512

f18558a6cd101b76d2ee41a996ad2c2a48b766e41e8e60c0e5a48b3f2fae336bc185541a73d943e5f8c07942018714d4783751501a622d565feb00ec2dae44f0
SSDEEP

6144:yjP1+wAHBZ0NKi5/sjbnpjnb6kwH+yjUyfayA67PkYBs/r754uDxJCknYNXRXOkk:yjP1+wAHBZ0NKi5/sjbnpjnb6kwH+yj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PhotoMetadataHandler.dll

Files

PhotoMetadataHandler.dll
.dll regsvr32 windows:10 windows x86 arch:x86

37ec55ec08eb9aaeaea0bf6babf989f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PhotoMetadataHandler.pdb

Imports

msvcrt

wcschr
strtol
strtoul
wcstod
iswspace
towupper
wcsstr
_wcsicmp
memmove_s
calloc
_purecall
_vscwprintf
vswprintf_s
memset
sscanf_s
swscanf_s
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
wcsrchr
_vsnwprintf
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
_wtol
_wtof
_wcstoi64
wcstok
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
_ftol2
_ftol2_sse
floor
memcmp
memcpy

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
EnterCriticalSection

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

rpcrt4

CStdStubBuffer_CountRefs
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
NdrOleAllocate
NdrOleFree
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_Connect
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow

api-ms-win-core-com-l1-1-1

CoTaskMemRealloc
StringFromGUID2
PropVariantCopy
CreateStreamOnHGlobal
CLSIDFromString
CoGetMalloc
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoCreateInstance

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
TraceEvent
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
FindResourceExW
GetModuleFileNameW
LockResource
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExA
LoadResource
FreeLibrary

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-1

GetTempPathW
GetTempFileNameW
DeleteFileW

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW

api-ms-win-core-localization-l1-2-1

GetSystemDefaultLCID

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
HeapDestroy
HeapReAlloc
GetProcessHeap
HeapSize

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

propsys

InitPropVariantFromStringVector
InitPropVariantFromStringAsVector
PropVariantCompareEx
PropVariantGetElementCount
PropVariantChangeType

windowscodecs

WICConvertBitmapSource

api-ms-win-shcore-unicodeansi-l1-1-0

SHUnicodeToAnsi
SHAnsiToUnicode

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37ec55ec08eb9aaeaea0bf6babf989f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

propsys

windowscodecs

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 298KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 299KB - Virtual size: 298KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 14KB