MFMediaEngine[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

MFMediaEngine.dll
Size

3.1MB
MD5

cd6229511443725e12d6014f82a2d97b
SHA1

9832348e15ca8594c1137f86653964de15fd9585
SHA256

4502fbbfe9631713b1b72c52519b886ed31c413c3b3a4b68d4d38139c4fd747f
SHA512

1f6fe3dc4462d1b85de8eb67ab2c59b76ac4537a64a646eb429a77cdd525fa0db83b94f990e8d152f38d2e7d93eb2777d8e4c306184ba5baaed343d12bb7d698
SSDEEP

49152:f85FJRZSx4auvoNyct2pitw4TfKdybSIXJoKm/5iISiap9PbR/J9v:Wa4gft2pitwCi2G/5xSdBbR/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MFMediaEngine.dll

Files

MFMediaEngine.dll
.dll windows:10 windows x86 arch:x86

5ba435c1d6f2e681626ddd42a0695496

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFMediaEngine.pdb

Imports

msvcp110_win

?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?eof@ios_base@std@@QBE_NXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_BADOFF@std@@3_JB
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?width@ios_base@std@@QAE_J_J@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??Bios_base@std@@QBEPAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Xlength_error@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z

msvcrt

_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_ltoa_s
_i64toa_s
strchr
time
ctime
towlower
iswdigit
iswxdigit
iswalpha
towupper
wcscspn
memmove_s
_gcvt_s
_wtof
_wtoi
_errno
wcstod
wcsrchr
wcsstr
wcschr
wcsncmp
wcspbrk
__ExceptionPtrCopyException
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
__ExceptionPtrCopy
__ExceptionPtrDestroy
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_wcsnicmp
wcscpy_s
swscanf_s
_wcsicmp
_finite
_ui64toa_s
_ultow_s
_ltow_s
_ultoa_s
realloc
_stricmp
isprint
_isnan
_vsnwprintf
memcpy_s
qsort
memmove
wcstok_s
_callnewh
malloc
free
_purecall
_vsnprintf
_CxxThrowException
_ftol2
_ftol2_sse
floor
memcmp
memcpy
memset

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventWrite

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
SetWaitableTimer
WaitForSingleObjectEx
Sleep
CreateWaitableTimerExW
ReleaseSRWLockShared
SetEvent
CreateEventW
ResetEvent
InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseMutex
CreateEventExW
LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
LoadStringW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-2

TlsGetValue
TlsSetValue
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess
OpenProcess
GetCurrentThreadId

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrTrimW
StrSpnW
StrChrW
StrCmpIW
StrStrW
StrCmpNW
StrToIntW
StrStrIW
StrCmpW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExA
RegOpenKeyExW
RegGetValueW
RegQueryValueExA
RegEnumKeyExW
RegCreateKeyExA

api-ms-win-core-heap-l1-2-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-1

GetConsoleWindow

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-url-l1-1-0

UrlHashW

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathIsUNCEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

IsCharSpaceW

api-ms-win-core-string-l2-1-0

IsCharAlphaW

api-ms-win-core-file-l1-2-1

FlushFileBuffers
WriteFile
CreateFileA
SetFilePointer
SetFilePointerEx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpiA

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading

api-ms-win-appmodel-runtime-l1-1-1

GetPackagesByPackageFamily
PackageIdFromFullName
GetCurrentPackageFullName

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-2-0

GetStdHandle

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-1-0

SetConsoleTitleW

bcrypt

BCryptDestroyKey
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

rtworkq

RtwqSetLongRunning

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba435c1d6f2e681626ddd42a0695496

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-url-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

xmllite

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-appmodel-runtime-l1-1-2

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-dx-d3dkmt-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-console-l2-1-0

bcrypt

api-ms-win-core-delayload-l1-1-1

rtworkq

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 7KB - Virtual size: 12KB

.idata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 668B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 236KB - Virtual size: 235KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 7KB - Virtual size: 12KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 668B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 236KB - Virtual size: 235KB