MediaMetadataHandler[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MediaMetadataHandler.dll
Size

260KB
MD5

3206adc4d06bb764c9a4936c8e22708c
SHA1

235e038f4feabb816150e2e1cf499fd300c3bd1a
SHA256

8e31bb2d80682b758878488e1d17473f6ba7f37fb4469a4d67a0e600279e14b4
SHA512

c6efad7c7fb7405690f2addb1f9713f4dacd3bfbfe074b0aec1b49473b8cfef62f3d1decbaf0bb093f674796ac75ed70b1f7b310af8509ae879e62fc3b126ea1
SSDEEP

3072:hvVmoGR0kMOoAmNoq0KvYZ9Dm0hW+SRdeb6F4XpWn5aMNlr1YjODyrqplQN4b6kT:hUVK0N9DVhWdREbiapWN1YZ0lQMl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MediaMetadataHandler.dll

Files

MediaMetadataHandler.dll
.dll regsvr32 windows:6 windows x86 arch:x86

361c29821fe0a6dc76c504c29a76bbac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MediaMetadataHandler.pdb

Imports

msvcrt

_wcsicmp
??_U@YAPAXI@Z
memset
memmove
_vsnwprintf
_ltow_s
_CIlog
wcstombs
_ultow
??3@YAXPAX@Z
swscanf_s
memcpy
iswxdigit
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CIsqrt
_purecall
??2@YAPAXI@Z
wcstol
??_V@YAXPAX@Z
towlower
towupper
iswspace
wcspbrk
wcschr
wcsstr
wcsrchr
wcsncmp
_wcsnicmp
iswdigit
_wtol
_ftol2_sse
_CIpow
bsearch
_beginthreadex
_wtoi
wcstoul
swscanf

atl

ord15
ord16
ord21
ord23
ord32
ord30

gdi32

CreateDIBSection
DeleteObject
CreateDIBitmap

ole32

PropVariantClear
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitializeEx
StringFromCLSID
PropVariantCopy
CoTaskMemAlloc

advapi32

EventEnabled
EventWrite
RegEnumKeyExW
TraceMessage
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

kernel32

WriteFile
SystemTimeToFileTime
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
RaiseException
SetFilePointer
CreateFileMappingW
CreateProcessW
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
LocalAlloc
LocalFree
MulDiv
CompareFileTime
FormatMessageW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareStringW
GetVersionExW
lstrlenW
GetLastError
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
LockResource
LoadResource
FindResourceW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
GetVersion
CloseHandle
GetModuleHandleW
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
LoadLibraryExA
GetModuleFileNameW
DebugBreak
SetFileAttributesW
GetWindowsDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
GetFileAttributesW
CreateFileW
SetLastError
GetExitCodeThread
WaitForSingleObject
CreateThread
SetErrorMode
GetFileAttributesExW
GetFileType
GetDriveTypeW
CreateFileA
QueryDosDeviceW

user32

GetDC
LoadStringW
CharNextA
ReleaseDC

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361c29821fe0a6dc76c504c29a76bbac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

gdi32

ole32

advapi32

kernel32

user32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 232KB

.data Size: 10KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 232KB - Virtual size: 232KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB