Microsoft[.]Uev[.]Office2013CustomActions[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

Microsoft.Uev.Office2013CustomActions.dll
Size

500KB
MD5

9b077fc39d0b4ece4d37bc1d0f158b25
SHA1

bde0e4fe59f55e1ff71e8e43aaf7d2798c58c750
SHA256

1129ec275dbf4c1ab234cb2c8fc7881faa5c72557e0e86cf2acee47810c8a5cc
SHA512

9adc795f5fb9cc36e328f7dfd9af4d17933e70be5795ef8f95bc97ba6a0a7d2db7909df42c9d99d804db0c824b19ac13d23b37978d0daa7a8817f1791edc46b4
SSDEEP

12288:1Y4BXL+6Qi2n8MT5CEa+/Uu+YJNlncXSH8bgY1ofuxRHn1Zuq3:1fBzQiYTUEae+YJNlncXSH8bF1ofu711

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Uev.Office2013CustomActions.dll

Files

Microsoft.Uev.Office2013CustomActions.dll
.dll regsvr32 windows:10 windows x86 arch:x86

3dc4ea80ab0b87b9f8521bce7b509d77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.Office2013CustomActions.pdb

Imports

msvcrt

??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
_purecall
memmove
fclose
fwrite
fputc
fflush
??_V@YAXPAX@Z
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
ldiv
?name@type_info@@QBEPBDXZ
_stricmp
strerror
fseek
_wfsopen
fgetc
_W_Getmonths
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
??3@YAXPAX@Z
_W_Getdays
_Getmonths
_Getdays
ldexp
realloc
abort
_free_locale
_get_current_locale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QBEHABV0@@Z
_wcsdup
islower
_ismbblead
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
setlocale
_unlock
_lock
_errno
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
_callnewh
??0bad_cast@@QAE@ABV0@@Z
memset
_wcsicmp
wcsncpy_s
malloc
_wcsnicmp
wcscat_s
wcscpy_s
memcpy_s
sprintf_s
free
localeconv
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
strcspn
calloc

user32

CharNextW
UnregisterClassA

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
GetSystemTimeAsFileTime
DeviceIoControl
GetUserDefaultLCID
GetSystemInfo
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
LocalUnlock
LocalFree
FormatMessageW
LocalLock
GetLocaleInfoW
InitializeCriticalSectionEx
GetStringTypeW
WideCharToMultiByte
GetTickCount
OutputDebugStringA
MultiByteToWideChar
GetLastError
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
RaiseException
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
WaitForSingleObjectEx
CreateEventA
InitializeCriticalSection
SetEvent
CloseHandle
GetLocalTime
DeleteCriticalSection
SystemTimeToFileTime

ole32

CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString

oleaut32

SysAllocStringLen
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreateEx
GetRecordInfoFromTypeInfo
SafeArrayRedim
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VariantInit
LoadRegTypeLi

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetKeyValueW
RegDeleteKeyExW
RegEnumValueW
EventWrite
EventWriteTransfer
RegGetValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
EventSetInformation

mapi32

ord19
ord75
ord140
ord21
ord11

shell32

SHGetKnownFolderPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dc4ea80ab0b87b9f8521bce7b509d77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

ole32

oleaut32

advapi32

mapi32

shell32

Exports

Exports

Sections

.text Size: 439KB - Virtual size: 438KB

.data Size: 20KB - Virtual size: 22KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 439KB - Virtual size: 438KB

.data
Size: 20KB - Virtual size: 22KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 24KB - Virtual size: 23KB