MCCSEngineShared[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MCCSEngineShared.dll
Size

149KB
MD5

10140e34549c92e48a632b8b77c175d4
SHA1

02a8fff03ebe3111fd3ae5b1229ebe3a030745f4
SHA256

76bf68b0d797c9530def1f06635b6a77a66289ab0be09ca719308e521405186d
SHA512

c2482477f2c2c889e95120c3112be8da2969926a2b6e64a8a78ff679beaaf77f36a288db0f5b7bb4d9deb2937a69bca20a375cfe9a087e9f1956d0948cf05ee7
SSDEEP

3072:ZM4oJiwT/77pWX4Djp7J6cqJx8VvkGsycZzTY+gmVYeUP:2a4Xp7JJMxe7UtTY+gmGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MCCSEngineShared.dll

Files

MCCSEngineShared.dll
.dll windows:10 windows x86 arch:x86

202035cb2e5ef953d6c30f416d154b3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MCCSEngineShared.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
_except_handler4_common
??0exception@@QAE@ABV0@@Z
memcpy_s
_vsnwprintf
iswdigit
_wcsicmp
wcsrchr
wcstoul
memmove
_vsnwprintf_s
wcstok_s
_strnicmp
_stricmp
strtoul
wcschr
strchr
_vsnprintf
_vsnprintf_s
wcsstr
__CxxFrameHandler3
??0exception@@QAE@XZ
calloc
memset
wcsncpy_s
malloc
free
_purecall
??1exception@@UAE@XZ
memcpy

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
SysStringLen
SysFreeString
VarUI4FromStr
VariantInit

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
SizeofResource
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW

api-ms-win-core-synch-l1-2-0

ReleaseMutex
ReleaseSemaphore
InitializeCriticalSection
OpenSemaphoreW
LeaveCriticalSection
CreateSemaphoreExW
Sleep
DeleteCriticalSection
WaitForSingleObject
InitOnceBeginInitialize
EnterCriticalSection
CreateMutexExW
InitOnceComplete
WaitForSingleObjectEx

api-ms-win-core-com-l1-1-1

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-memory-l1-1-2

VirtualFree
VirtualAlloc

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetSystemDefaultLangID

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

cemapi

HrSetOneProp
FreeProws
MAPIFreeBuffer
IsMessageClassSPlusV2
GetMsgStoreFromMessage
HrGetOneProp

userdatalanguageutil

CanConvertStringFromUnicode
GetMultiLanguage2
ConvertToWideStream
GetNarrowSzCodepage
ConvertToMultiByte
IsSupportedCodepage

userdatatypehelperutil

DupString
CompressWhitespaceNW
ReadStreamContent
ReplaceChar
SafeLPWSTR
CreateTempFileStm

syncutil

ord23
ord34
ord109
ord66

phoneutil

GetDialableNumber

policymanager

PolicyManager_GetPolicyString
PolicyManager_FreeStringValue

ntdll

RtlCaptureContext
RtlQueryWnfStateData
RtlReportException

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-url-l1-1-0

UrlUnescapeA

Exports

Exports

BuildISO8601String
BuildISO8601StringFromSysTime
CopyMimeAttachmentsToMapi
CreateTemporaryFileStream
DllCanUnloadNow
DllGetClassObject
DownloadToVirtualStream
FindMatchingNameForAddress
GetAccountDomainForAccountAccessor
GetAccountManagedState
GetDataProtectionPropertyForStore
GetDomainFromAccountName
GetDomainNamesForEmailSyncList
GetDplPropertyForStore
GetIStoreForAccountGuid
GetMimeStreamFromMMSMessage
GetMimeStreamFromMessage
GetProtectedDomainList
GetProtectionPolicyState
GetSmProviderInfo
GetSmRecipientType
IsDPLInEffect
IsDomainInDelimitedList
ParseISO8601String
SearchDelimitedList
SetDataProtectionPropertyForStore
SetDplPropertyForStore
SetSmProviderInfo
StringCompareWithWildcard
SyncNormalizePhoneNumber
WriteInputStreamToNetworkStream
WriteMapiBodiesFromMimeReader
WriteMapiBodiesFromMimeStream
WriteMapiBodiesFromMimeStreamEx

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

202035cb2e5ef953d6c30f416d154b3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

cemapi

userdatalanguageutil

userdatatypehelperutil

syncutil

phoneutil

policymanager

ntdll

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-url-l1-1-0

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 6KB - Virtual size: 5KB