WMPEncEn[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WMPEncEn.dll
Size

1.5MB
MD5

80c5342074711f098a00f71fff262b3b
SHA1

574f9f4e0634fd11ee10300ee04cb41fe7864e6f
SHA256

9d42fccbc327ed729368ac280a4843024af50998e2c22a3b6685db28b9ff7ee9
SHA512

eebcd0b9f9ec6f17276c3ad245ea4ef4ec97168fc339e72d06d3ecca4693ea0782eecb95350f2b5f19cc808b04eba86d43e05361f004a5e1784354e81f7c1b5a
SSDEEP

24576:kC1Be5ZbwqTrCvX/2CEyZfW50LDZZyT3Wl3TIHRS3CPjyPM0p9ovlX2cZwG4dH6g:uu+Cf5DRIHRSxf3k/qA/saXy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WMPEncEn.dll

Files

WMPEncEn.dll
.dll regsvr32 windows:6 windows x86 arch:x86

fa8cf16ac3bd6f4b028b1655c0e7afd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMPEncEn.pdb

Imports

msvcrt

wcspbrk
wcsstr
_wcslwr
iswalpha
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
_vsnwprintf_s
wcsspn
__CxxFrameHandler3
_wtol
_CIlog10
swscanf
wcsrchr
wcscat_s
_wfopen
fclose
fwrite
memcpy_s
_strnicmp
_CIpow
_CIsqrt
isalnum
wcsncpy
_vsnwprintf
towlower
iswspace
wcsncat_s
_ftol
memset
perror
_CIsin
printf
wcstod
atof
wcscpy_s
fprintf
fopen
ceil
floor
_CIcos
_vsnprintf
_wtoi
_XcptFilter
swscanf_s
memmove
_ftol2
wcschr
time
_CxxThrowException
strncpy_s
srand
rand
_snwprintf_s
swprintf_s
_wcsnicmp
wcsncpy_s
_ftol2_sse
_itow
_wcsicmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
free
malloc
??1type_info@@UAE@XZ

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject

kernel32

CreateDirectoryW
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapFree
GetProcessHeap
CreateEventW
RaiseException
lstrcpynW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
DeleteFileW
lstrlenA
lstrcatW
SizeofResource
GetTempFileNameW
FindResourceW
LoadLibraryExW
WaitForSingleObject
CloseHandle
CreateThread
WaitForSingleObjectEx
SetThreadPriority
ResetEvent
ReadFile
GetFileType
CreateFileW
ResumeThread
Sleep
GetFileSizeEx
WaitForMultipleObjects
SetFileAttributesW
CopyFileExW
MoveFileExW
LocalFree
ReleaseSemaphore
CreateSemaphoreW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
TerminateThread
HeapAlloc
LoadLibraryA
VirtualFree
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
LoadLibraryExA
WideCharToMultiByte
GetFileSize
WriteFile
GetTempPathW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetLocaleInfoW
MulDiv
LockResource
GetSystemTime
FormatMessageW
CompareStringW
lstrcmpW
GlobalAlloc
GlobalUnlock
GlobalLock
FreeResource
GlobalFree
GlobalHandle
CreateMutexW
ReleaseMutex
OutputDebugStringW
GetUserDefaultLCID
LocalAlloc
GetThreadPriority
GetCurrentThread
SignalObjectAndWait
InterlockedExchangeAdd
GetProcessAffinityMask
LoadResource
SetThreadAffinityMask

user32

SystemParametersInfoW
GetClientRect
wsprintfW
LoadCursorW
GetClassInfoExW
RegisterClassExW
KillTimer
SetTimer
MapWindowPoints
SetWindowPos
GetParent
GetSystemMetrics
DialogBoxParamW
LoadImageW
EnableWindow
IsWindowEnabled
CreateWindowExW
SetWindowTextW
EndDialog
GetActiveWindow
CreateDialogParamW
GetDC
GetDialogBaseUnits
ReleaseDC
SetDlgItemTextW
GetDlgItemTextW
SendMessageW
MessageBoxW
RegisterWindowMessageW
IsWindow
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
SetRect
IsRectEmpty
DefWindowProcW
CallWindowProcW
GetWindowLongW
GetWindow
GetSysColor
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetClassNameW
ReleaseCapture
SetFocus
GetFocus
EndPaint
FillRect
BeginPaint
GetDesktopWindow
CreateAcceleratorTableW
DialogBoxIndirectParamW
SendDlgItemMessageW
GetWindowRect
CharNextW
DestroyIcon
ShowWindow
MoveWindow
IsDialogMessageW
LoadStringW
SetWindowLongW
CharPrevW
WinHelpW
PostMessageW
PostThreadMessageW
DestroyWindow
GetMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
RegQueryValueW
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyW

ole32

StgOpenStorage
CoGetTreatAsClass
OleUninitialize
OleInitialize
OleLockRunning
CoInitialize
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
IIDFromString
CoCreateGuid
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfile

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SysStringByteLen
SafeArrayPutElement
SafeArrayCreate
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
SafeArrayUnaccessData
SysAllocStringByteLen
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
DispCallFunc
VariantInit
LoadRegTypeLi
VarUI4FromStr
VariantChangeType
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantCopy
SysStringLen
VARIANT_UserMarshal

winmm

mixerClose
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerOpen
mixerGetDevCapsW
mixerGetID
waveInGetDevCapsA
waveInGetNumDevs
mixerGetNumDevs
CloseDriver
GetDriverModuleHandle
OpenDriver
timeGetTime
mixerSetControlDetails

shlwapi

wnsprintfW

crypt32

CryptProtectData
CryptUnprotectData

msdmo

MoDeleteMediaType
MoCreateMediaType
MoInitMediaType
MoCopyMediaType
DMOEnum
MoDuplicateMediaType
MoFreeMediaType

avifil32

AVIFileOpenW
AVIFileExit
AVIStreamSampleToTime
AVIStreamStart
AVIStreamLength
AVIStreamTimeToSample
AVIStreamRead
AVIFileGetStream
AVIStreamReadFormat
AVIStreamInfoW
AVIFileRelease
AVIStreamRelease
AVIFileInit

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
DeleteObject
GetObjectW
GetStockObject
GetSystemPaletteEntries
CreateSolidBrush

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 1024B - Virtual size: 801B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa8cf16ac3bd6f4b028b1655c0e7afd1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

winmm

shlwapi

crypt32

msdmo

avifil32

gdi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.orpc Size: 2KB - Virtual size: 2KB

RT_CODE Size: 25KB - Virtual size: 24KB

.data Size: 30KB - Virtual size: 48KB

RT_DATA Size: 1024B - Virtual size: 801B

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.orpc
Size: 2KB - Virtual size: 2KB

RT_CODE
Size: 25KB - Virtual size: 24KB

.data
Size: 30KB - Virtual size: 48KB

RT_DATA
Size: 1024B - Virtual size: 801B

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 56KB - Virtual size: 55KB