WMPhoto[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WMPhoto.dll
Size

349KB
MD5

b8a8ae0693ef986e41980118839bbf3c
SHA1

01238119693c1dd29c0d74d04e98787930949fca
SHA256

4ba308ba258e40d3d39c501955c0051afbfb30869f58101cdd6191d45809b24a
SHA512

e94adec96e791af43e38b1326e772e1b1e2391509aea45f33cca91cf4cb6f13f3a501d7305f0d9b28265ff982bdfff267a32e7b789cdc603af338a86d07e7e02
SSDEEP

6144:evoXkPFzoM+3j3m5MIzkn4Y73gZNCt4RP9EGeHnGRbvi+eFsK0mFc26:evBP5+z22Izs93gZMtWhdP00mF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WMPhoto.dll

Files

WMPhoto.dll
.dll regsvr32 windows:6 windows x86 arch:x86

110bea38b94d974195e0d039ac77fce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmphoto.pdb

Imports

msvcrt

_aligned_free
_aligned_malloc
_callnewh
??0exception@@QAE@XZ
_except_handler4_common
??1type_info@@UAE@XZ
??1exception@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
memcpy_s
_amsg_exit
feof
calloc
fopen
fread
fwrite
ftell
fseek
fclose
strstr
printf
_XcptFilter
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
_initterm
free
?what@exception@@UBEPBDXZ
memmove_s
_purecall
_vsnwprintf
malloc
_CxxThrowException
_ftol2
memcmp
memcpy
memset

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
Sleep
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetProcAddress

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromIID

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

SetFilePointer
CreateFileA
GetTempFileNameW
ReadFile
DeleteFileA
WriteFile
GetTempPathW

oleaut32

VariantClear
VariantInit

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

110bea38b94d974195e0d039ac77fce7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

oleaut32

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 258KB - Virtual size: 258KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 258KB - Virtual size: 258KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 6KB - Virtual size: 6KB