MrmIndexer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MrmIndexer.dll
Size

585KB
MD5

8bb05a68026b725b79b5efaafbf64054
SHA1

9bb7b332feca617bb97b23bda641eb9385149977
SHA256

692de6cfedff43905fe0bc47d045e39c532a6de4fc13a04c5f97c423cf4388f9
SHA512

6605144f67fe5d5cc8dfa1c80bf8b996fcc7ea6e35a43f4f98e9b9e2d58030faaa82269a2e91ec5ef6ecc7cb61c8ce6e0b2aad93f5c0263307f50fb954e4f5d6
SSDEEP

12288:Cu214h3q5pz4hG83si2InxA5zw8QkYyllrdYz:F2w3q554w8ci2k2byyllrdYz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MrmIndexer.dll

Files

MrmIndexer.dll
.dll windows:10 windows x86 arch:x86

142bba5765b8325b8708e712729aabd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MrmIndexer.pdb

Imports

msvcrt

_amsg_exit
memmove
_except_handler4_common
memmove_s
_initterm
towlower
_wtoi
wcscpy_s
_vscwprintf_l
vswprintf_s
wcschr
wcsnlen
wcsncmp
_wfopen
fgetwc
_errno
fclose
_wcsnicmp
wcsstr
iswdigit
wcscspn
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
strcspn
_CxxThrowException
sprintf_s
_fileno
fread
malloc
_vsnprintf
printf
wprintf
_wtof
isalpha
isxdigit
strtol
isdigit
iswctype
towupper
wcsrchr
iswalnum
iswspace
qsort_s
_ui64tow_s
wcsncpy_s
bsearch
wcstoul
__pctype_func
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
__crtGetStringTypeW
__crtLCMapStringW
___mb_cur_max_func
abort
__uncaught_exception
_callnewh
?terminate@@YAXXZ
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
??0exception@@QAE@ABQBD@Z
free
?what@exception@@UBEPBDXZ
_purecall
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_unlock
_lock
_filelengthi64
realloc
memcpy
localeconv
memcpy_s
_vsnwprintf
_XcptFilter
memcmp
vwprintf_s
wprintf_s
_ftol2
_ftol2_sse
memchr
memset

bcp47mrm

IsValidUnIsoRegionTag
GetParentCompositeRegionCode
CompareBcp47Tags
IsWellFormedTag
FormatLanguageTag
IsValidTag
GetCompositeRegionCode
GetDistanceOfClosestLanguageInList
GetClosenessOfUnIsoRegionTags

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
AcquireSRWLockShared
WaitForSingleObjectEx
CreateEventExW
CreateMutexExW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
InitializeSRWLock
CreateSemaphoreExW
ReleaseSRWLockExclusive
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
RoTransformError
GetRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoReleaseMarshalData
CoTaskMemAlloc
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

FreeSid
GetTokenInformation
GetAce
EqualSid
AddAccessAllowedAceEx
GetLengthSid
AllocateAndInitializeSid

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
GetFullPathNameW
GetFileAttributesW
WriteFile
FlushFileBuffers
DeleteFileW
CreateDirectoryW
GetFinalPathNameByHandleW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileSizeEx
GetDriveTypeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveBackslashW
PathFileExistsW
PathRelativePathToW
PathIsRelativeW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-file-l1-2-0

GetTempPathW

oleaut32

VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
SysFreeString
SysAllocString
SysStringLen
VariantChangeTypeEx

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlPublishWnfStateData

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

142bba5765b8325b8708e712729aabd1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

bcp47mrm

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-file-l1-2-0

oleaut32

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-timezone-l1-1-0

rpcrt4

api-ms-win-core-heap-l2-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 543KB - Virtual size: 543KB

.data Size: 4KB - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 543KB - Virtual size: 543KB

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 26KB - Virtual size: 25KB