UserDataLanguageUtil[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

UserDataLanguageUtil.dll
Size

36KB
MD5

cedbcad986ee4dd421e6f3cf6eac4139
SHA1

1bebf5bd8ef74a8e5de0eecb1941aabee7ea527a
SHA256

c1e0e991a6ced9acdf55390588eca7681a0926d0dc07c0966d8c47a57c95745f
SHA512

df54ad32d11bfc3df46d9bdb28af2b05fc21f10e76a2e1a31cbf3b85ae941e3570b89dad03f13b04023df7ef88c08f3a5673072027279b6dcfc3e748aca5f427
SSDEEP

768:BbCW26RhxFm1BYUUQL+HxKpbYRNZzGpPcM:gcRh3m1BY9vXDNGpP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UserDataLanguageUtil.dll

Files

UserDataLanguageUtil.dll
.dll windows:10 windows x86 arch:x86

efa4c1fff1a210ad760bf3e5eb903e8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

UserDataLanguageUtil.pdb

Imports

msvcrt

_callnewh
iswspace
malloc
_vsnwprintf
iswdigit
memmove
__CxxFrameHandler3
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
iswalpha
_initterm
_amsg_exit
free
iswpunct
wcsstr
_purecall
bsearch_s
_XcptFilter
memcpy
memset

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
CreateFileW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringEx

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetSystemDefaultLCID
GetLocaleInfoEx
GetSystemDefaultLangID
IsValidCodePage
LCMapStringEx

api-ms-win-core-normalization-l1-1-0

GetStringScripts
NormalizeString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CHSPinYinHelper_CreateInstance
CHSPinYinHelper_HasPossibleCHSPinYin
CHSPinYinHelper_HasPossiblePinYin
CHSPinYinHelper_Initialize
CanConvertStringFromUnicode
ConvertToMultiByte
ConvertToWideStream
ConvertWideStreamToMultiByte
DecomposeHangulSyllables
DetermineStringEALangId
DetermineStringEALangIdNLS
GetCodepageName
GetConvertedTextForMatching
GetCurrentLangIdForMatching
GetMultiLanguage2
GetNarrowSzCodepage
GetSystemDefaultCodepage
GetWideSz
GetWideSzAlloc
InitializeLanguageUtil
IsAltChar
IsCHNChar
IsEAChar
IsHangulSyllable
IsJPNChar
IsLocalePseudoLoc
IsMatchingEAPrefix
IsMatchingEAPrefixEx
IsMatchingPrefix
IsMatchingPrefixEx
IsSkippableCharacter
IsSupportedCodepage
MapCharToBaseChar
MapStringToBaseCharacters
UninitializeLanguageUtil

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efa4c1fff1a210ad760bf3e5eb903e8f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-normalization-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 28B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 28B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB