PresentationHostProxy[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PresentationHostProxy.dll
Size

61KB
MD5

d8f596e228deaf3c65b34ff39b57caa9
SHA1

dbbc94082d7688b41b667532a8d99448b9fee26a
SHA256

7c2f2977366503f3a627671cf111fca68fca614af1f8ef70b54bd6bb228b9aab
SHA512

e1aabbb7ef5cb6b8cc9270a7058203bc2e0d691ddf31284d50eb8818f507529fef3f5b511d03c96e3f864bce628dba076955cca10887bcee8edc691ced7a8252
SSDEEP

1536:XMM+wCOFcnXSTHQ3FeoTMXgY3qnc7cbKNK+RMKOMb1lYF:Xd+wdFWhMXgVc7ce8+RMKOMbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PresentationHostProxy.dll

Files

PresentationHostProxy.dll
.dll regsvr32 windows:10 windows x86 arch:x86

34297c9be53dfffeb7f558f7543ab715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PresentationHostProxy.pdb

Imports

msvcrt

_beginthreadex
_vsnwprintf
_purecall
wcscat_s
memcpy
wcscpy_s
memcpy_s
tolower
free
memmove
isdigit
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
iswdigit
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_XcptFilter
_amsg_exit
_CxxThrowException
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
memcmp
__CxxFrameHandler3
??0exception@@QAE@ABV0@@Z
_callnewh
malloc
wcsncpy_s
memmove_s
memset

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
VariantInit

ole32

ObjectStublessClient4
CoTaskMemFree
CStdStubBuffer2_Connect
ObjectStublessClient16
CoTaskMemRealloc
ObjectStublessClient10
CoTaskMemAlloc
ObjectStublessClient17
ObjectStublessClient12
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
CoCreateInstance
ObjectStublessClient14
HWND_UserMarshal
ObjectStublessClient19
CoRegisterPSClsid
CStdStubBuffer2_QueryInterface
ObjectStublessClient5
CoUnmarshalInterface
ObjectStublessClient11
CStdStubBuffer2_CountRefs
OleUninitialize
StringFromGUID2
ObjectStublessClient3
CoGetStdMarshalEx
CoMarshalInterThreadInterfaceInStream
HWND_UserUnmarshal
ObjectStublessClient18
ObjectStublessClient13
HWND_UserSize
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient15
HWND_UserFree
OleInitialize
NdrProxyForwardingFunction3

kernel32

HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LocalFree
LocalAlloc
Sleep
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
QueryPerformanceCounter
GetExitCodeThread
WaitForMultipleObjects
SetEvent
OutputDebugStringW
GetCurrentThreadId
CloseHandle
CreateEventW
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
FreeLibrary
lstrcmpiW
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
DelayLoadFailureHook
ResolveDelayLoadedAPI

user32

CharNextW
PostQuitMessage
UnregisterClassA
TranslateMessage
DispatchMessageW
GetMessageW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy

urlmon

ObtainUserAgentString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34297c9be53dfffeb7f558f7543ab715

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

ole32

kernel32

user32

advapi32

version

rpcrt4

urlmon

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 49KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB