SearchFolder.pdb
Static task
static1
Behavioral task
behavioral1
Sample
SearchFolder.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SearchFolder.dll
Resource
win10v2004-20240508-en
General
- Target: SearchFolder.dll
- Size: 977KB
- MD5: 70946771d2542c00756bbeb575ca84b2
- SHA1: 70afaff0b13dc474b821b241de3bebeb819ec86a
- SHA256: 12944d29adf1feb7afff4a6d965e4ebd5603b09eb971566e389826b504f6e50c
- SHA512: 4f747a562ee208327915eca7254b00b53ceb80fc2078954e170392f2b87b209149d538bbd120f0ce50dfb29a559a33775ffa9c2b8bdd59d0b424c2be8de96a41
- SSDEEP: 24576:MkDasbKHuopKpiaRLXEpB8ku6A+nMlHArZ84CqiNzZP93X:5DaEaO8WN+nMlgrZ84CrzZx
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: SearchFolder.dll
Files
- SearchFolder.dll.dll regsvr32 windows:6 windows x86 arch:x86
  4b0e5fe2f99071fa37a0449766512cd3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_CxxThrowException
_ftol2_sse
memcmp
iswprint
iswcntrl
??1type_info@@UAE@XZ
memcpy
iswspace
_wtoi
iswalnum
_resetstkoflw
_wtof
realloc
memcpy_s
_vsnwprintf
_wcsnicmp
wcstok_s
_except_handler4_common
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcschr
_get_errno
_set_errno
memmove
_wcsicmp
memset
ntdll
EtwEventRegister
WinSqmAddToStream
EtwEventEnabled
EtwEventWrite
EtwEventUnregister
api-ms-win-service-management-l1-1-0
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceStatusEx
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchRemoveFileSpec
PathCchAppend
PathIsUNCEx
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringLen
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-1
RoOriginateError
api-ms-win-core-url-l1-1-0
GetAcceptLanguagesW
UrlIsW
PathCreateFromUrlAlloc
UrlUnescapeW
ParseURLW
PathIsURLW
UrlGetPartW
UrlEscapeW
UrlHashW
PathCreateFromUrlW
UrlCompareW
user32
IsCharAlphaNumericW
DestroyWindow
PostQuitMessage
SetCursor
LoadCursorW
DefWindowProcW
GetWindowLongW
CharLowerBuffW
ActivateKeyboardLayout
SystemParametersInfoW
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
PostThreadMessageW
GetKeyboardLayout
SendMessageW
LoadStringW
DeleteMenu
CharLowerW
RegisterClipboardFormatW
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
LoadStringA
GetKeyState
GetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetWindowRect
GetCursorPos
InsertMenuW
GetMenuStringW
CreateMenu
InsertMenuItemW
shell32
SHGetDesktopFolder
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHGetSpecialFolderLocation
ord24
ord153
ord815
ord155
ord704
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateItemWithParent
ord818
ord16
ord17
ord25
ord876
ord874
SHCreateShellItemArrayFromIDLists
ord880
SHParseDisplayName
ord910
SHGetFolderPathEx
SHSetLocalizedName
SHCreateItemInKnownFolder
SHCreateShellItemArrayFromShellItem
SHBindToParent
ord18
ord825
SHCreateDataObject
ord74
SHGetKnownFolderIDList
SHBindToObject
ord68
ord102
ord849
ord814
ord830
ord789
ord788
Shell_GetCachedImageIndexW
ord823
ord241
SHGetKnownFolderPath
ord75
ord171
SHChangeNotify
ord898
ord702
AssocCreateForClasses
SHCreateAssociationRegistration
ord6
ord895
ord824
ord51
SHEvaluateSystemCommandTemplate
SHGetKnownFolderItem
ord847
ord4
ord2
ord645
ord644
ord147
ord817
ord100
ord90
ShellExecuteExW
ord850
SHGetPathFromIDListEx
ord21
ord27
ord846
ord23
ord844
ord816
SHGetStockIconInfo
ord95
SHGetNameFromIDList
ord873
ord152
ord781
ord928
SHGetItemFromObject
ord819
ord911
ord914
AssocGetDetailsOfPropKey
ord851
ord791
SHCreateItemFromParsingName
ord866
ord264
ord740
SHCreateDefaultExtractIcon
ord256
SHCreateDefaultContextMenu
ord19
shlwapi
ord219
ord212
ord184
StrChrW
SHStrDupW
ord460
ord158
ord487
ord156
ord596
ord597
ord213
ord12
PathAppendW
SHCreateStreamOnFileEx
PathRemoveFileSpecW
PathFindFileNameW
ord217
ord176
StrDupW
ord154
StrToIntW
PathIsUNCW
ord629
PathRemoveExtensionW
ord388
PathParseIconLocationW
ord24
StrStrIW
AssocCreate
StrCmpW
ord175
ord174
ord544
PathCompactPathExW
PathRemoveBackslashW
ord16
ord168
PathIsNetworkPathW
StrStrW
StrCmpIW
StrCmpLogicalW
StrCmpNW
StrToIntExW
PathMatchSpecExW
PathBuildRootW
StrRetToBufW
PathSkipRootW
ord216
ord236
ord193
ord157
ord515
ord456
ord619
StrTrimW
StrPBrkW
ord611
ord317
ord214
ord632
SHRegGetValueW
ord215
ord476
StrRetToBSTR
StrRetToStrW
ord152
SHStrDupA
ord344
StrStrNIW
StrToIntA
StrRStrIW
StrStrA
PathFileExistsW
ord172
ord164
ord29
ord331
PathMatchSpecW
StrRChrW
PathIsRootW
ord630
SHQueryValueExW
StrCmpNIW
PathFindExtensionW
PathRemoveBlanksW
PathQuoteSpacesW
PathRemoveArgsW
PathGetArgsW
ord618
StrCSpnW
ord278
ord615
PathGetDriveNumberW
SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef
ord199
kernel32
GetSystemPreferredUILanguages
ResolveLocaleName
GetSystemTime
lstrcmpiA
IsDBCSLeadByteEx
GetStringTypeExA
GetTimeZoneInformation
IsDBCSLeadByte
PackageIdFromFullName
ConvertSystemTimeToCalDateTime
ConvertCalDateTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThread
LCMapStringW
MulDiv
GetSystemDefaultLCID
lstrcmpiW
DuplicateHandle
GetStringTypeW
GetDriveTypeW
GetVolumePathNameW
SetErrorMode
MultiByteToWideChar
LocalReAlloc
lstrcmpA
GetLocalTime
LocaleNameToLCID
IsValidLocaleName
HeapReAlloc
FormatMessageW
SizeofResource
RegGetValueW
GetProcAddress
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
RaiseException
ResetEvent
WideCharToMultiByte
lstrlenA
GetVersionExW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLocaleInfoEx
GetCalendarSupportedDateRange
CompareCalendarDates
AdjustCalendarDate
UpdateCalendarDayOfWeek
CreateMutexW
LCMapStringEx
FindNLSString
ReleaseMutex
WaitForMultipleObjectsEx
InitializeSRWLock
CompareFileTime
WaitForMultipleObjects
CreateEventW
GetUserDefaultLCID
TlsGetValue
CreateSemaphoreW
OpenSemaphoreW
GetCurrentProcessId
Sleep
GetTickCount
TlsSetValue
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
WaitForSingleObject
CreateThread
FreeLibrary
TrySubmitThreadpoolCallback
GetModuleHandleExW
CreateEventExW
SetEvent
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetCurrentThreadId
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
ReleaseSemaphore
GlobalUnlock
GlobalLock
GlobalSize
lstrlenW
lstrcmpW
GetTickCount64
UnmapViewOfFile
CloseHandle
CompareStringW
LockResource
LoadResource
FindResourceExW
GetTempPathW
GetModuleFileNameW
GetLastError
CompareStringOrdinal
GlobalAlloc
GlobalFree
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LocalFree
DisableThreadLibraryCalls
TlsFree
TlsAlloc
InitializeCriticalSection
EncodePointer
DecodePointer
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-com-private-l1-1-0
CoRevokeInitializeSpy
CoRegisterInitializeSpy
api-ms-win-core-delayload-l1-1-1
DelayLoadFailureHook
ResolveDelayLoadedAPI
gdi32
DeleteObject
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 862KB - Virtual size: 862KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ