ImageOperationLib[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ImageOperationLib.dll
Size

888KB
MD5

77ce1e7d534665a54a6a8d6984d1bd36
SHA1

e64f68014fdee11ad6b7635d81ac272edd66b775
SHA256

0696158a4f8c3989ca8104cf107df79c67a9e23e4ba281992d8ecf2709f6dfe4
SHA512

c18f710a6846968ab99b66342f268f3fa14d0ace15b32bef0a525bb4817eb1e57b2656d4d74633af59daa779d58423b0cea9e7efa1111b30200ad85c5f5394f3
SSDEEP

24576:sUMsXZ8YrFxGaeSDUPDV1VYlUWFyUMjhTr0/:sKXLrFpDUPDV1VYlUWF/MjhT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ImageOperationLib.dll

Files

ImageOperationLib.dll
.dll windows:5 windows x86 arch:x86

d47415a6a67d4f4934eac6171d1a5d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\test\NewSVN\Release\ImageOperationLib.pdb

Imports

ws2_32

accept
listen
ioctlsocket
gethostname
htonl
ntohl
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

advapi32

CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptImportKey

wldap32

ord27
ord301
ord41
ord46
ord33
ord79
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35

normaliz

IdnToAscii
IdnToUnicode

kernel32

GetTickCount
VirtualQuery
GetModuleFileNameW
LoadLibraryW
lstrlenA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
CloseHandle
WaitForSingleObject
FormatMessageA
GetVersion
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLastError
SetLastError
InitializeCriticalSection
Sleep
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
FindResourceExW
FindResourceW
GetFileType
GetStdHandle
SleepEx
LoadResource
LockResource
SizeofResource
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
GetProcAddress
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_onexit
_lock
?terminate@@YAXXZ
_crt_debugger_hook
__dllonexit
_strdup
_read
_write
_close
_open
_stricmp
_strnicmp
_CIlog
__CxxFrameHandler3
_setjmp3
_CxxThrowException
_except_handler4_common
fopen
??3@YAXPAX@Z
strrchr
malloc
??_U@YAPAXI@Z
free
??_V@YAXPAX@Z
strtoul
memmove
ceil
??2@YAPAXI@Z
strstr
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
sprintf
?what@exception@std@@UBEPBDXZ
_localtime64
_CIpow
fread
_fseeki64
fclose
fwrite
atoi
memcpy_s
memmove_s
longjmp
calloc
realloc
memset
strncpy
strchr
_errno
memcpy
ftell
fseek
_time64
tolower
sscanf
__iob_func
strtol
isalpha
strncmp
isxdigit
strpbrk
_strtoi64
qsort
fputs
fgets
isdigit
fputc
_beginthreadex
strerror
__sys_nerr
fflush
isalnum
isspace
_getpid
memchr
_fstat64
_lseeki64
wprintf
getenv
_gmtime64
isupper
_stat64
islower
isprint
isgraph
exit
fprintf
ferror
strcmp
_recalloc
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_CRT_RTC_INITW
_unlock

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

??0CImageOperationManager@@QAE@XZ
??1CImageOperationManager@@QAE@XZ
??4CImageOperationManager@@QAEAAV0@ABV0@@Z
?CompressBlockDataInfo@CImageOperationManager@@SA_NPBD@Z
?CreateDataFile@CImageOperationManager@@SAPAVCDataFile@@PBD@Z
?CreateImageFile@CImageOperationManager@@SA_NPBDAAUIMAGE_INFO_STRUCT@@@Z
?DeleteImageBlockStream@CImageOperationManager@@SA_NPAX@Z
?DestoryImageFile@CImageOperationManager@@SA_NAAUIMAGE_INFO_STRUCT@@@Z
?GetDllVersion@CImageOperationManager@@SAMXZ
?GetHeaderInfo@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@AAH11AAMAAN21@Z
?GetImageBlockStream@CImageOperationManager@@SAPAEAAUIMAGE_INFO_STRUCT@@MHHAAHPAPAE@Z
?GetImageDataRoi@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@MHHHHPAPAEAAH_N@Z
?GetLabelInfo@CImageOperationManager@@SA_NPBDPAPAEAAH22@Z
?GetLabelInfo@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@PAPAEAAH22@Z
?GetMachineSerialNum@CImageOperationManager@@SA_NAAUIMAGE_INFO_STRUCT@@PAD@Z
?GetPriviewInfo@CImageOperationManager@@SA_NPBDPAPAEAAH22@Z
?GetPriviewInfo@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@PAPAEAAH22@Z
?GetScanLevelInfo@CImageOperationManager@@SA_NAAUIMAGE_INFO_STRUCT@@AAH1@Z
?GetScanTimeDuration@CImageOperationManager@@SA_NAAUIMAGE_INFO_STRUCT@@AAH11111111@Z
?GetThumnailImage@CImageOperationManager@@SA_NPBDPAPAEAAH22@Z
?GetThumnailImage@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@PAPAEAAH22@Z
?GetThumnailImageOnly@CImageOperationManager@@SA_NPBDPAPAEAAH22@Z
?GetVersionInfo@CImageOperationManager@@SA_NUIMAGE_INFO_STRUCT@@AAM@Z
?ImageLUTadjust@CImageOperationManager@@SAPAEAAUIMAGE_INFO_STRUCT@@MHHAAHPAPAEMMMMMM@Z
?ReadOriginal@CImageOperationManager@@SA_NPBDPAD@Z
?UnCompressBlockDataInfo@CImageOperationManager@@SA_NPBD@Z
?WriteCiphertext@CImageOperationManager@@SA_NPBDPAD@Z
CompressBlockDataInfoFunc
DeleteImageDataFunc
GetDllVersionFunc
GetHeaderInfoFunc
GetImageDataRoiFunc
GetImageStreamFunc
GetLUTImage
GetLableInfoFunc
GetLableInfoPathFunc
GetMachineSerialNumFunc
GetPriviewInfoFunc
GetPriviewInfoPathFunc
GetScanLevelInfoFunc
GetScanTimeDurationFunc
GetThumnailImageFunc
GetThumnailImageOnlyPathFunc
GetThumnailImagePathFunc
GetVersionInfoFunc
InitImageFileFunc
ReadOriginalFunc
UnCompressBlockDataInfoFunc
UnInitImageFileFunc
WriteCiphertextFunc

Sections

.text
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d47415a6a67d4f4934eac6171d1a5d34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

advapi32

wldap32

normaliz

kernel32

msvcr100

msvcp100

Exports

Exports

Sections

.text Size: 695KB - Virtual size: 694KB

.rdata Size: 157KB - Virtual size: 157KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 695KB - Virtual size: 694KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB