WindowsCodecs[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsCodecs.dll
Size

1.4MB
MD5

7c18b2e762de353aa7da99399e9110d0
SHA1

af6e4904878e6c07778045ceffe4ee0005459023
SHA256

c308ba5b9f702cfcecc6669ad9787ba326e283bb46af3019d7b6a7d44beb753e
SHA512

34375017299c3060b13196ca19e095fcd15ea914a0676878e8905678b16fc3fa7973c8498ddb2147a035691a6e2cfa8903691da8a3dbe1ef2d11ca7ae5f5c03b
SSDEEP

24576:So8RHVDoqggU6tZ2lm4jBf9yFwuAinKmlZwJH0xs9b1VkFVpauOv06r9BPLtvJLz:6KhWwCpxxcrJuOv0GBPt2gU6

Score

1^/10

Malware Config

Signatures

Files

WindowsCodecs.dll
.dll windows:6 windows x86 arch:x86

738ba51f2912ab4be1cd15dfa10df861

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:6f:fe:ea:24:f1:2f:da:95:aa:03:42:0d:18:5a:d6:eb:34:5c:c0:5c:6b:f3:12:47:fb:b0:d2:8f:64:93:1d
Signer

Actual PE Digest

ba:6f:fe:ea:24:f1:2f:da:95:aa:03:42:0d:18:5a:d6:eb:34:5c:c0:5c:6b:f3:12:47:fb:b0:d2:8f:64:93:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WindowsCodecs.pdb

Imports

msvcrt

_purecall
realloc
memmove
qsort
_vsnwprintf
_aligned_malloc
_aligned_free
_wcsnicmp
_aligned_realloc
_wcsicmp
wcsstr
_stricmp
_isnan
strncmp
memmove_s
strcpy_s
calloc
free
strstr
rand
_onexit
__dllonexit
_CIatan2
_unlock
_ftol2
_lock
fprintf
_finite
_except_handler4_common
_initterm
_amsg_exit
_libm_sse2_log_precise
_libm_sse2_sqrt_precise
_XcptFilter
_callnewh
_seh_longjmp_unwind4
_setjmp3
memcmp
memcpy
memcpy_s
ldexp
malloc
_libm_sse2_exp_precise
memset

rpcrt4

NdrCStdStubBuffer2_Release
RpcRaiseException
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrClientCall2
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs
NdrStubCall2
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SleepEx
Sleep
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
SetThreadToken
GetCurrentThread
OpenThreadToken

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

combase

ord2
ord3

ntdll

DbgPrintEx
RtlCaptureStackBackTrace
RtlSetBits
RtlInitializeBitMap
WinSqmAddToStream
WinSqmIsOptedIn

api-ms-win-core-file-l1-2-1

SetFilePointer
GetFileType
SetFilePointerEx
GetFileInformationByHandle
GetFileSize
CreateFileW
WriteFile
SetEndOfFile
ReadFile

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualFree
MapViewOfFileEx
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-normalization-l1-1-0

GetStringScripts

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv
CreateFileMappingA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc

api-ms-win-core-stringansi-l1-1-0

IsCharAlphaNumericA

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllGetClassObject
IEnumString_Next_WIC_Proxy
IEnumString_Reset_WIC_Proxy
IPropertyBag2_Write_Proxy
IWICBitmapClipper_Initialize_Proxy
IWICBitmapCodecInfo_DoesSupportAnimation_Proxy
IWICBitmapCodecInfo_DoesSupportLossless_Proxy
IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy
IWICBitmapCodecInfo_GetContainerFormat_Proxy
IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy
IWICBitmapCodecInfo_GetDeviceModels_Proxy
IWICBitmapCodecInfo_GetFileExtensions_Proxy
IWICBitmapCodecInfo_GetMimeTypes_Proxy
IWICBitmapDecoder_CopyPalette_Proxy
IWICBitmapDecoder_GetColorContexts_Proxy
IWICBitmapDecoder_GetDecoderInfo_Proxy
IWICBitmapDecoder_GetFrameCount_Proxy
IWICBitmapDecoder_GetFrame_Proxy
IWICBitmapDecoder_GetMetadataQueryReader_Proxy
IWICBitmapDecoder_GetPreview_Proxy
IWICBitmapDecoder_GetThumbnail_Proxy
IWICBitmapEncoder_Commit_Proxy
IWICBitmapEncoder_CreateNewFrame_Proxy
IWICBitmapEncoder_GetEncoderInfo_Proxy
IWICBitmapEncoder_GetMetadataQueryWriter_Proxy
IWICBitmapEncoder_Initialize_Proxy
IWICBitmapEncoder_SetPalette_Proxy
IWICBitmapEncoder_SetThumbnail_Proxy
IWICBitmapFlipRotator_Initialize_Proxy
IWICBitmapFrameDecode_GetColorContexts_Proxy
IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy
IWICBitmapFrameDecode_GetThumbnail_Proxy
IWICBitmapFrameEncode_Commit_Proxy
IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy
IWICBitmapFrameEncode_Initialize_Proxy
IWICBitmapFrameEncode_SetColorContexts_Proxy
IWICBitmapFrameEncode_SetResolution_Proxy
IWICBitmapFrameEncode_SetSize_Proxy
IWICBitmapFrameEncode_SetThumbnail_Proxy
IWICBitmapFrameEncode_WriteSource_Proxy
IWICBitmapLock_GetDataPointer_STA_Proxy
IWICBitmapLock_GetStride_Proxy
IWICBitmapScaler_Initialize_Proxy
IWICBitmapSource_CopyPalette_Proxy
IWICBitmapSource_CopyPixels_Proxy
IWICBitmapSource_GetPixelFormat_Proxy
IWICBitmapSource_GetResolution_Proxy
IWICBitmapSource_GetSize_Proxy
IWICBitmap_Lock_Proxy
IWICBitmap_SetPalette_Proxy
IWICBitmap_SetResolution_Proxy
IWICColorContext_InitializeFromMemory_Proxy
IWICComponentFactory_CreateMetadataWriterFromReader_Proxy
IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy
IWICComponentInfo_GetAuthor_Proxy
IWICComponentInfo_GetCLSID_Proxy
IWICComponentInfo_GetFriendlyName_Proxy
IWICComponentInfo_GetSpecVersion_Proxy
IWICComponentInfo_GetVersion_Proxy
IWICFastMetadataEncoder_Commit_Proxy
IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy
IWICFormatConverter_Initialize_Proxy
IWICImagingFactory_CreateBitmapClipper_Proxy
IWICImagingFactory_CreateBitmapFlipRotator_Proxy
IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy
IWICImagingFactory_CreateBitmapFromHICON_Proxy
IWICImagingFactory_CreateBitmapFromMemory_Proxy
IWICImagingFactory_CreateBitmapFromSource_Proxy
IWICImagingFactory_CreateBitmapScaler_Proxy
IWICImagingFactory_CreateBitmap_Proxy
IWICImagingFactory_CreateComponentInfo_Proxy
IWICImagingFactory_CreateDecoderFromFileHandle_Proxy
IWICImagingFactory_CreateDecoderFromFilename_Proxy
IWICImagingFactory_CreateDecoderFromStream_Proxy
IWICImagingFactory_CreateEncoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxy
IWICImagingFactory_CreateFormatConverter_Proxy
IWICImagingFactory_CreatePalette_Proxy
IWICImagingFactory_CreateQueryWriterFromReader_Proxy
IWICImagingFactory_CreateQueryWriter_Proxy
IWICImagingFactory_CreateStream_Proxy
IWICMetadataBlockReader_GetCount_Proxy
IWICMetadataBlockReader_GetReaderByIndex_Proxy
IWICMetadataQueryReader_GetContainerFormat_Proxy
IWICMetadataQueryReader_GetEnumerator_Proxy
IWICMetadataQueryReader_GetLocation_Proxy
IWICMetadataQueryReader_GetMetadataByName_Proxy
IWICMetadataQueryWriter_RemoveMetadataByName_Proxy
IWICMetadataQueryWriter_SetMetadataByName_Proxy
IWICPalette_GetColorCount_Proxy
IWICPalette_GetColors_Proxy
IWICPalette_GetType_Proxy
IWICPalette_HasAlpha_Proxy
IWICPalette_InitializeCustom_Proxy
IWICPalette_InitializeFromBitmap_Proxy
IWICPalette_InitializeFromPalette_Proxy
IWICPalette_InitializePredefined_Proxy
IWICPixelFormatInfo_GetBitsPerPixel_Proxy
IWICPixelFormatInfo_GetChannelCount_Proxy
IWICPixelFormatInfo_GetChannelMask_Proxy
IWICStream_InitializeFromIStream_Proxy
IWICStream_InitializeFromMemory_Proxy
WICConvertBitmapSource
WICCreateBitmapFromSection
WICCreateBitmapFromSectionEx
WICCreateColorContext_Proxy
WICCreateImagingFactory_Proxy
WICGetMetadataContentSize
WICMapGuidToShortName
WICMapSchemaToName
WICMapShortNameToGuid
WICMatchMetadataContent
WICSerializeMetadataContent
WICSetEncoderFormat_Proxy

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

738ba51f2912ab4be1cd15dfa10df861

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ba:6f:fe:ea:24:f1:2f:da:95:aa:03:42:0d:18:5a:d6:eb:34:5c:c0:5c:6b:f3:12:47:fb:b0:d2:8f:64:93:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

combase

ntdll

api-ms-win-core-file-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-normalization-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-stringansi-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.orpc Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 6KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 280B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 61KB - Virtual size: 61KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ba:6f:fe:ea:24:f1:2f:da:95:aa:03:42:0d:18:5a:d6:eb:34:5c:c0:5c:6b:f3:12:47:fb:b0:d2:8f:64:93:1d
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.orpc
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 280B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 61KB - Virtual size: 61KB