WindowsCodecsExt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WindowsCodecsExt.dll
Size

240KB
MD5

646bb8d0ae25fda355c2b7d8586095d9
SHA1

ad685cdeddb57607b618f2cf3b1edcd4b9e26e2c
SHA256

ec38fb1d705d9969047ca8eb5442576a482eb27aca3dfba5eb93851117476f93
SHA512

1e4388612d8048dea296815c0711464f3b2bfe5a822488a55a07ff8dbf30ebb3169299aafc53514262d95def1b0c2858cb9ac97679119907ed762357981eae8c
SSDEEP

3072:FwGmttHu0Kz6qqsQF+kyAfQ2DS+0xxHtVsULz+4Udml8AZSFbrBSRoH:ytDs6Ek7fQ2KHtVsg64UC8oQ8e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WindowsCodecsExt.dll

Files

WindowsCodecsExt.dll
.dll windows:6 windows x86 arch:x86

2381ecd5ffc309b53cad9a77b1b14525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WindowsCodecsExt.pdb

Imports

msvcrt

_purecall
_vsnwprintf
realloc
_callnewh
_XcptFilter
_amsg_exit
_wcsicmp
memmove
_initterm
ldexp
frexp
memcpy
memcmp
_ftol2
_except_handler4_common
malloc
wcsncmp
_onexit
__dllonexit
free
_unlock
_lock
memset

api-ms-win-core-com-l1-1-1

CreateStreamOnHGlobal
CoTaskMemAlloc
PropVariantClear
CoCreateInstance
CoGetApartmentType
GetHGlobalFromStream
CoLockObjectExternal
CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
SleepEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
IsProcessorFeaturePresent
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

ntdll

RtlSetBits
RtlInitializeBitMap
DbgPrintEx
RtlCaptureStackBackTrace

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalFree

windowscodecs

WICMatchMetadataContent
WICMapSchemaToName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllGetClassObject
IWICColorTransform_Initialize_Proxy
WICCreateColorTransform_Proxy

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2381ecd5ffc309b53cad9a77b1b14525

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

ntdll

api-ms-win-core-heap-l1-2-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

windowscodecs

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 219KB

.data Size: 2KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 220KB - Virtual size: 219KB

.data
Size: 2KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB