Pimstore[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Pimstore.dll
Size

1.1MB
MD5

8e089091bc3f9a13e6dc15d74381e125
SHA1

9500807b890e5f5e4f698dd3f18c8787373072cc
SHA256

068538f649f91e3c26a51e2ecf541fda3fa2c920cdde4c17bd540648884d350b
SHA512

f74cd2203e06557050d2615ec908f9cb4e45ec2540e0d1da5e8cbdb4a8323566d10bd42b9003e28a26553990760946482d6c861158845a0e9a4fb0797a2a628d
SSDEEP

24576:Rx5++7nNkrf51IFJ2tisk+RPAmWkmrIWUk60KWnDc1L6qkDJ7:ROBrHIWtin+RPAsyIWh604N6V9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Pimstore.dll

Files

Pimstore.dll
.dll windows:10 windows x86 arch:x86

e1ce18257e5aadd714130abb16db1b22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pimstore.pdb

Imports

msvcrt

wcscspn
memmove
memcmp
wcsstr
_wcstoui64
wcstod
wcstoul
_wcsnicmp
wcschr
_vsnwprintf
_wtoi
wcsncmp
_stricmp
_itow_s
bsearch
iswdigit
towlower
wcstol
strncpy_s
_amsg_exit
wcsncpy_s
??1type_info@@UAE@XZ
_vsnwprintf_s
_initterm
realloc
_wcsrev
tolower
_wcsicmp
_onexit
__dllonexit
_unlock
qsort
__CxxFrameHandler3
memcpy_s
memset
swprintf_s
iswspace
_callnewh
ceil
_XcptFilter
_ftol2
malloc
strrchr
free
strcpy_s
floor
_except_handler4_common
iswpunct
_lock
_purecall
_errno
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
SizeofResource
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
LoadResource
FindResourceExW
LoadStringW
LockResource
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
CreateMutexExW
ReleaseMutex
CreateEventW
EnterCriticalSection
SetEvent
InitializeCriticalSection
InitializeCriticalSectionEx
Sleep
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObject
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSemaphore

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
EventWrite

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-string-l2-1-0

CharNextW
IsCharUpperW
IsCharAlphaW
IsCharAlphaNumericW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeExW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-obsolete-l1-3-0

GetSystemDefaultUILanguage

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetUserDefaultLCID
LCMapStringW
GetLocaleInfoW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatW
GetTimeFormatW

api-ms-win-core-sysinfo-l1-2-1

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetSystemTime

api-ms-win-core-file-l1-2-1

CreateFileW
DeleteFileW
CompareFileTime
GetTempFileNameW
ReadFile
WriteFile
GetFileSize

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

ntdll

RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlReportException

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW
FindResourceW

api-ms-win-core-memory-l1-1-2

OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolWork
CloseThreadpoolCleanupGroup

api-ms-win-core-processenvironment-l1-2-0

SearchPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

StartAndWaitForService
GetCombinedTransientObjectSecurityDescriptor
IsActiveDebugger
??0Deserializer@Comms@@QAE@PBE0_N1@Z
??1Deserializer@Comms@@QAE@XZ
GetNextNewCalendarColor
?CopyBytesOut@Deserializer@Comms@@QAE_NPAXIABVtype_info@@@Z
IsCommsSystemService

api-ms-win-security-base-l1-2-0

CopySid
GetLengthSid
GetTokenInformation

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

?Submit@AccountProviderHostJobBase@@QAEJPAK@Z
?SubmitSynchronously@AccountProviderHostJobBase@@QAEJPAXKPAT_SNJobOutParams@@@Z
BuildDisplayName
BuildYomiDisplayName
CanonicalizedComparePropVal
ClearPreferenceAndOverride
CompareEmailAddresses
CopyCEPROPVAL
CreateAttendeeList
CreateCategoryDBManager
CreateEntityBinding
CreateEntityBindingForAggregate
CreateEntityList
CreateItemInDefaultFolder
CreateOutlookApp
CreateRecurrenceFromData
DestroyNameParser
DisableLocalPoom
DisableLocalPoomEx
DllCanUnloadNow
DllGetClassObject
EnableLocalPoom
EnableLocalPoomEx
EscapePoomRestrictionValues
FindAllMatchingAggregates
FindAllMatchingContactsEx
FindAllMatchingContactsEx2
FindAllMatchingContactsEx3
FindMatchingContactEx
FindMatchingContactEx2
GenerateContactObjectIdStoreIdRestriction
GetActiveOutlookApp
GetAggregateCache
GetAggregateCacheGeneration
GetAppointmentFromUniqueId
GetAppointmentUniqueId
GetBlankName
GetDefaultFolderFromStore
GetDefaultFolderFromStoreEx
GetDefaultStoreFilter
GetDefaultStoreId
GetDefaultStoreItemId
GetDefaultUSStore
GetDisplayBy
GetFloatingTime
GetFullName
GetGivenName
GetHighestUSStoreBit
GetMeetingNotificationFromMessage
GetMiddle
GetNewNameParser
GetNickname
GetPartnerGUID
GetSortBy
GetStartAndEndDate
GetSuffix
GetSurname
GetTitle
GetYomiDisplayName
GetYomiGivenName
GetYomiSurname
HandleMeetingResponseForAppointment
HandleMeetingResponseForMeetingNotification
HasAllBlobBitsSet
HasSameStoreFilter
IsDefaultStore
IsEmptyProp
IsFEString
OlDefaultFoldersToOlItemType
OlItemTypeToOlDefaultFolders
OlObjectTypeFromOLITEMID
POutlookAppManager_CreateInstance
ParseName
PimBinaryBodyToString
PimCreateGlobalObjId
RebuildName
SendPictureUpdateNotification
SetDisplayBy
SetFullName
SetGiven
SetMiddle
SetNickname
SetSortBy
SetSuffix
SetSurname
SetTitle
SetYomiGiven
SetYomiSurname
StopNotifications
StreamToEntityList
TextToTag

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1ce18257e5aadd714130abb16db1b22

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-heap-l1-2-0

ntdll

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-memory-l1-1-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-profile-l1-1-0

userdataplatformhelperutil

api-ms-win-security-base-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1KB - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 1024B - Virtual size: 576B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1KB - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 1024B - Virtual size: 576B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 54KB - Virtual size: 53KB