Windows.Media.SpeechSynthesis.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Windows.Media.SpeechSynthesis.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Windows.Media.SpeechSynthesis.dll
Resource
win10v2004-20240226-en
General
-
Target
Windows.Media.SpeechSynthesis.dll
-
Size
171KB
-
MD5
2ddb8c4990be38a2473d33929807863e
-
SHA1
2dbd9f6848344d037c8ae15464115f4272458428
-
SHA256
df7017cc3b13f7dc26177911f9c4791963872d904102f57f7c8fbe2a669d8281
-
SHA512
0de786d39216783732b559cbac952707a6858c603f790739d3495ba03a1bb154006e374ee783be5cd5a023d83eb64d52977a7cd19470429488e47a55e94c5e50
-
SSDEEP
3072:rVaOmqorrSeAE/Wahmv4XAj2mmxOpEgpzRGuo+OCGLluIPkqfJ83pb7sCfQQKso3:Zl5ZmIpzR9oDzV83pn0r4uw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Windows.Media.SpeechSynthesis.dll
Files
-
Windows.Media.SpeechSynthesis.dll.dll windows:6 windows x86 arch:x86
addbb0bcac0528a6a470bef378954974
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
??_V@YAXPAX@Z
_purecall
_XcptFilter
_amsg_exit
free
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
memmove
_vsnwprintf
_wcsicmp
_wcsnicmp
memmove_s
realloc
strchr
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
wcstol
memcpy_s
wcsncpy_s
memset
calloc
_CxxThrowException
??0exception@@QAE@XZ
setlocale
memcpy
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
__crtLCMapStringW
___lc_collate_cp_func
__crtCompareStringW
memcmp
abort
??1type_info@@UAE@XZ
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
malloc
??3@YAXPAX@Z
ntdll
WinSqmAddToStreamEx
kernel32
DeleteCriticalSection
GetFileAttributesW
WaitForSingleObject
SetEvent
FindResourceExW
OutputDebugStringA
GetStringTypeW
WideCharToMultiByte
LoadResource
SizeofResource
lstrcmpiW
EncodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
DisableThreadLibraryCalls
DecodePointer
AcquireSRWLockShared
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CompareStringEx
RaiseException
InitializeSRWLock
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InitializeCriticalSectionEx
GetModuleHandleW
GetCurrentPackageFullName
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
InitializeCriticalSection
GetTickCount64
InitOnceExecuteOnce
OpenProcess
CloseHandle
LCIDToLocaleName
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
CreateEventW
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
GetFileInformationByHandle
DuplicateHandle
LoadLibraryExW
urlmon
URLOpenBlockingStreamW
CoInternetParseUrl
user32
CharNextW
UnregisterClassA
api-ms-win-core-com-l1-1-1
CoReleaseMarshalData
CoCopyProxy
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
RoGetAgileReference
CoSetProxyBlanket
CoGetApartmentType
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringLen
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
GetRestrictedErrorInfo
RoOriginateError
IsErrorPropagationEnabled
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoGetMatchingRestrictedErrorInfo
oleaut32
VariantInit
VarUI4FromStr
VariantClear
SysAllocString
LoadRegTypeLi
SysStringLen
LoadTypeLi
SysFreeString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance
api-ms-win-core-processthreads-l1-1-2
OpenProcessToken
api-ms-win-security-base-l1-2-0
GetTokenInformation
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 153KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ