WindowsCodecs[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WindowsCodecs.dll
Size

987KB
MD5

1db71a41daee6b3f8cd0dda8209fa2d5
SHA1

22a3861d5183cbcf6a2d37601a79d0773a9e1c5c
SHA256

add7b965d6d4f1fb4dabf8e40e0322e1fdc4652ca8fd670f487d1e875b770759
SHA512

b29f4fc255455e48e1884de0c1d7ec0e5126892bdd4a7af6939eb040331cbb0a0b57c5b863334a5d7567f753097b57655f6a145321f59c1366c0bc38b0f17196
SSDEEP

24576:1ygPfLV3ikKALeUL26IQCebIC8TmSxSke9okQHfzSeuXLsbDyn/OfFhpmn9F:191qffm2kQ+i+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WindowsCodecs.dll

Files

WindowsCodecs.dll
.dll windows:6 windows x86 arch:x86

4e1bf076addfcff0c5556a8fcf8a0032

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WindowsCodecs.pdb

Imports

msvcrt

_CIsqrt
_setjmp3
_CIexp
_wcsnicmp
_wcsicmp
wcsstr
memmove
free
realloc
malloc
_stricmp
_isnan
strncmp
memmove_s
strcpy_s
qsort
strstr
rand
fprintf
_XcptFilter
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_CIlog
_CIatan2
_vsnwprintf
_ftol2_sse
_ftol2
memcpy
memset
wcschr
_seh_longjmp_unwind4

kernel32

GetModuleHandleW
RtlCaptureStackBackTrace
GetCurrentThreadId
GetCurrentProcess
ExitProcess
IsDebuggerPresent
DebugBreak
TerminateProcess
TerminateThread
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
Sleep
MulDiv
SleepEx
IsProcessorFeaturePresent
GetVersionExW
GlobalAlloc
RaiseException
MultiByteToWideChar
GetStringScripts
GlobalFree
GetProcessHeap
DisableThreadLibraryCalls
HeapReAlloc
HeapAlloc
HeapFree
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetProcAddress
GlobalUnlock
GlobalLock
GlobalSize
ReadFile
SetFilePointerEx
GetFileInformationByHandle
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetEndOfFile
CreateFileW
InterlockedExchange
LoadLibraryW
lstrlenW
LocalFree
LocalAlloc
MapViewOfFileEx
GetSystemInfo
UnmapViewOfFile
lstrcmpW
lstrcmpiW
GetFileType
InterlockedDecrement
InterlockedIncrement
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetTickCount
WideCharToMultiByte
GetCurrentProcessId
GetSystemTimeAsFileTime
DelayLoadFailureHook
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

EqualRect
IsRectEmpty
ReleaseDC
GetDC
IsCharAlphaNumericA
GetIconInfo
GetGuiResources
IntersectRect

ole32

HBITMAP_UserUnmarshal
HICON_UserSize
HPALETTE_UserFree
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CoTaskMemFree
CLIPFORMAT_UserUnmarshal
CreateStreamOnHGlobal
GetHGlobalFromStream
PropVariantCopy
CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
HBITMAP_UserFree
HBITMAP_UserMarshal
HICON_UserMarshal
HPALETTE_UserMarshal
HBITMAP_UserSize
HICON_UserUnmarshal
HICON_UserFree
HPALETTE_UserSize
HPALETTE_UserUnmarshal
CoLockObjectExternal

ntdll

DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlSetBits
RtlInitializeBitMap

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrClientCall2
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
RpcRaiseException

advapi32

RegEnumKeyExW
IsTextUnicode
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

gdi32

DeleteObject
CreateCompatibleDC
GetPaletteEntries
GetDIBits
DeleteDC
GetObjectW
GetDeviceCaps
CreateDIBSection
SetDIBits

Exports

Exports

DllGetClassObject
IEnumString_Next_WIC_Proxy
IEnumString_Reset_WIC_Proxy
IPropertyBag2_Write_Proxy
IWICBitmapClipper_Initialize_Proxy
IWICBitmapCodecInfo_DoesSupportAnimation_Proxy
IWICBitmapCodecInfo_DoesSupportLossless_Proxy
IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy
IWICBitmapCodecInfo_GetContainerFormat_Proxy
IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy
IWICBitmapCodecInfo_GetDeviceModels_Proxy
IWICBitmapCodecInfo_GetFileExtensions_Proxy
IWICBitmapCodecInfo_GetMimeTypes_Proxy
IWICBitmapDecoder_CopyPalette_Proxy
IWICBitmapDecoder_GetColorContexts_Proxy
IWICBitmapDecoder_GetDecoderInfo_Proxy
IWICBitmapDecoder_GetFrameCount_Proxy
IWICBitmapDecoder_GetFrame_Proxy
IWICBitmapDecoder_GetMetadataQueryReader_Proxy
IWICBitmapDecoder_GetPreview_Proxy
IWICBitmapDecoder_GetThumbnail_Proxy
IWICBitmapEncoder_Commit_Proxy
IWICBitmapEncoder_CreateNewFrame_Proxy
IWICBitmapEncoder_GetEncoderInfo_Proxy
IWICBitmapEncoder_GetMetadataQueryWriter_Proxy
IWICBitmapEncoder_Initialize_Proxy
IWICBitmapEncoder_SetPalette_Proxy
IWICBitmapEncoder_SetThumbnail_Proxy
IWICBitmapFlipRotator_Initialize_Proxy
IWICBitmapFrameDecode_GetColorContexts_Proxy
IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy
IWICBitmapFrameDecode_GetThumbnail_Proxy
IWICBitmapFrameEncode_Commit_Proxy
IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy
IWICBitmapFrameEncode_Initialize_Proxy
IWICBitmapFrameEncode_SetColorContexts_Proxy
IWICBitmapFrameEncode_SetResolution_Proxy
IWICBitmapFrameEncode_SetSize_Proxy
IWICBitmapFrameEncode_SetThumbnail_Proxy
IWICBitmapFrameEncode_WriteSource_Proxy
IWICBitmapLock_GetDataPointer_STA_Proxy
IWICBitmapLock_GetStride_Proxy
IWICBitmapScaler_Initialize_Proxy
IWICBitmapSource_CopyPalette_Proxy
IWICBitmapSource_CopyPixels_Proxy
IWICBitmapSource_GetPixelFormat_Proxy
IWICBitmapSource_GetResolution_Proxy
IWICBitmapSource_GetSize_Proxy
IWICBitmap_Lock_Proxy
IWICBitmap_SetPalette_Proxy
IWICBitmap_SetResolution_Proxy
IWICColorContext_InitializeFromMemory_Proxy
IWICComponentFactory_CreateMetadataWriterFromReader_Proxy
IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy
IWICComponentInfo_GetAuthor_Proxy
IWICComponentInfo_GetCLSID_Proxy
IWICComponentInfo_GetFriendlyName_Proxy
IWICComponentInfo_GetSpecVersion_Proxy
IWICComponentInfo_GetVersion_Proxy
IWICFastMetadataEncoder_Commit_Proxy
IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy
IWICFormatConverter_Initialize_Proxy
IWICImagingFactory_CreateBitmapClipper_Proxy
IWICImagingFactory_CreateBitmapFlipRotator_Proxy
IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy
IWICImagingFactory_CreateBitmapFromHICON_Proxy
IWICImagingFactory_CreateBitmapFromMemory_Proxy
IWICImagingFactory_CreateBitmapFromSource_Proxy
IWICImagingFactory_CreateBitmapScaler_Proxy
IWICImagingFactory_CreateBitmap_Proxy
IWICImagingFactory_CreateComponentInfo_Proxy
IWICImagingFactory_CreateDecoderFromFileHandle_Proxy
IWICImagingFactory_CreateDecoderFromFilename_Proxy
IWICImagingFactory_CreateDecoderFromStream_Proxy
IWICImagingFactory_CreateEncoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxy
IWICImagingFactory_CreateFormatConverter_Proxy
IWICImagingFactory_CreatePalette_Proxy
IWICImagingFactory_CreateQueryWriterFromReader_Proxy
IWICImagingFactory_CreateQueryWriter_Proxy
IWICImagingFactory_CreateStream_Proxy
IWICMetadataBlockReader_GetCount_Proxy
IWICMetadataBlockReader_GetReaderByIndex_Proxy
IWICMetadataQueryReader_GetContainerFormat_Proxy
IWICMetadataQueryReader_GetEnumerator_Proxy
IWICMetadataQueryReader_GetLocation_Proxy
IWICMetadataQueryReader_GetMetadataByName_Proxy
IWICMetadataQueryWriter_RemoveMetadataByName_Proxy
IWICMetadataQueryWriter_SetMetadataByName_Proxy
IWICPalette_GetColorCount_Proxy
IWICPalette_GetColors_Proxy
IWICPalette_GetType_Proxy
IWICPalette_HasAlpha_Proxy
IWICPalette_InitializeCustom_Proxy
IWICPalette_InitializeFromBitmap_Proxy
IWICPalette_InitializeFromPalette_Proxy
IWICPalette_InitializePredefined_Proxy
IWICPixelFormatInfo_GetBitsPerPixel_Proxy
IWICPixelFormatInfo_GetChannelCount_Proxy
IWICPixelFormatInfo_GetChannelMask_Proxy
IWICStream_InitializeFromIStream_Proxy
IWICStream_InitializeFromMemory_Proxy
WICConvertBitmapSource
WICCreateBitmapFromSection
WICCreateBitmapFromSectionEx
WICCreateColorContext_Proxy
WICCreateImagingFactory_Proxy
WICGetMetadataContentSize
WICMapGuidToShortName
WICMapSchemaToName
WICMapShortNameToGuid
WICMatchMetadataContent
WICSerializeMetadataContent
WICSetEncoderFormat_Proxy

Sections

.text
Size: 937KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e1bf076addfcff0c5556a8fcf8a0032

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

ntdll

rpcrt4

advapi32

gdi32

Exports

Exports

Sections

.text Size: 937KB - Virtual size: 937KB

.orpc Size: 1KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 937KB - Virtual size: 937KB

.orpc
Size: 1KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB