WMPhoto[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WMPhoto.dll
Size

349KB
MD5

498d5bc0289f8dd995feee8e7cd906ca
SHA1

7a4f567208c1df2b678befbe96115cc7d7dafa2b
SHA256

798c50f59a58e13603057e68f513d54d97d224871e53d635ee8bb729aed55c8d
SHA512

b120380fc4a9ec599e5ada729b8cb263164f38f48bbce8f4f8ac5a68f13fe8c378d0eb08d9fe74b4113d53de6685bfd45f1b161099f480224e6edb6492a99fb9
SSDEEP

6144:M4TaXjGUtA6GJB6mQVWpYk6KZ9iUbk8xEGeHnG0uV3feFsL0mFcDn:M4T4j8zJvQYj6KZ8UFhHVvh0mF+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WMPhoto.dll

Files

WMPhoto.dll
.dll regsvr32 windows:6 windows x86 arch:x86

110bea38b94d974195e0d039ac77fce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmphoto.pdb

Imports

msvcrt

_aligned_free
_aligned_malloc
_callnewh
??0exception@@QAE@XZ
_except_handler4_common
??1type_info@@UAE@XZ
??1exception@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
memcpy_s
_amsg_exit
feof
calloc
fopen
fread
fwrite
ftell
fseek
fclose
strstr
printf
_XcptFilter
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
_initterm
free
?what@exception@@UBEPBDXZ
memmove_s
_purecall
_vsnwprintf
malloc
_CxxThrowException
_ftol2
memcmp
memcpy
memset

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
Sleep
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetProcAddress

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromIID

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

SetFilePointer
CreateFileA
GetTempFileNameW
ReadFile
DeleteFileA
WriteFile
GetTempPathW

oleaut32

VariantClear
VariantInit

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

110bea38b94d974195e0d039ac77fce7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

oleaut32

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 258KB - Virtual size: 258KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 258KB - Virtual size: 258KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 6KB - Virtual size: 6KB