Microsoft[.]Uev[.]Office2013CustomActions[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Uev.Office2013CustomActions.dll
Size

528KB
MD5

540f9baa3a9356092dfb15a6ea060b21
SHA1

7070262a24822f74e887dc1190bb91bcd813a65c
SHA256

57aa6b2929eeee4b4850dfd0172d95adf375910b07084f3515391079fe944c01
SHA512

b41b218b42c68baae8c55f136a25a3acdcd75d56521609e167caea7e394bc8e5bdf6becca74c89fd8e5acf2205ad2a04f73259f6afba83a97fc712e1014eb278
SSDEEP

12288:pM/wcySn8hl6z7URfgWKj7qHU8uP3pMap5i:2IyDbWdU8uP3pMap5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Uev.Office2013CustomActions.dll

Files

Microsoft.Uev.Office2013CustomActions.dll
.dll regsvr32 windows:10 windows x86 arch:x86

c1a7ea36c302ac8ca7ddb1363431bd44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.Office2013CustomActions.pdb

Imports

msvcrt

fsetpos
_fseeki64
?name@type_info@@QBEPBDXZ
setvbuf
strerror
fseek
_wfsopen
__CxxFrameHandler3
??_V@YAXPAX@Z
_purecall
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
fgetpos
fgetc
fflush
fputc
_vsnprintf_s
fwrite
fclose
_vsnwprintf
ungetc
_stricmp
calloc
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
ldexp
realloc
abort
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QBEHABV0@@Z
_wcsdup
islower
memset
_ismbblead
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
setlocale
_unlock
_lock
_errno
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
strcspn
_callnewh
_wcsicmp
wcsncpy_s
malloc
_wcsnicmp
wcscat_s
wcscpy_s
memcpy_s
sprintf_s
free
localeconv
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??3@YAXPAX@Z

user32

CharNextW
UnregisterClassA

kernel32

GetTickCount
OutputDebugStringA
ReleaseSemaphore
SetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
FormatMessageW
GetModuleFileNameA
LocalLock
CreateSemaphoreExW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
DeviceIoControl
GetUserDefaultLCID
GetSystemInfo
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
IsDebuggerPresent
LocalUnlock
DebugBreak
GetProcessHeap
LocalFree
CreateMutexExW
HeapAlloc
OpenSemaphoreW
OutputDebugStringW
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
MultiByteToWideChar
GetLastError
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
RaiseException
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
WaitForSingleObjectEx
CreateEventA
InitializeCriticalSection
SetEvent
CloseHandle
LoadLibraryW
GetLocalTime
DeleteCriticalSection
SystemTimeToFileTime
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
GetLocaleInfoW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
HeapFree

ole32

CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString

oleaut32

SysAllocStringLen
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VariantInit
LoadRegTypeLi
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreateEx
GetRecordInfoFromTypeInfo
SafeArrayRedim
RegisterTypeLi

advapi32

RegDeleteValueW
RegSetValueExW
RegSetKeyValueW
RegDeleteKeyExW
RegEnumValueW
EventWriteTransfer
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
EventUnregister
EventRegister
EventSetInformation

mapi32

ord75
ord140
ord19
ord11
ord23
ord21

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

shell32

SHGetKnownFolderPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1a7ea36c302ac8ca7ddb1363431bd44

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

ole32

oleaut32

advapi32

mapi32

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

shell32

Exports

Exports

Sections

.text Size: 466KB - Virtual size: 465KB

.data Size: 21KB - Virtual size: 22KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 466KB - Virtual size: 465KB

.data
Size: 21KB - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 24KB - Virtual size: 24KB