HmMerge[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

HmMerge.dll
Size

85KB
MD5

4f07153b94647a8f0dd844ad1f79c092
SHA1

1b59c179284c4675d5408391f96c95f8da2e9237
SHA256

7559b5bc65bcae4bfdff50af2343b117f631b60f5507efd3a3344c6684661dca
SHA512

5ec61c9791f4de674f2496bdc3bfd20ea8153b1e42017810a7f540dac6b613c11395293e9f63627a02ac8a8008e05faaafb9575dd914c48fe69017112efcd6c8
SSDEEP

1536:zyqciylsql8Ao9lgxjt+PyK+vh6d6Mt+Gu0aPnHuM+jZ/kd8j7Ja/f9N1+LOt6qf:z1FyOql8Ao9lY+PYvgu5PnHuBjZcd8jY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HmMerge.dll

Files

HmMerge.dll
.dll windows:5 windows x86 arch:x86

5ec1512186a0363060cc8a56239213ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SVNPRO\JpegProcess\branches\2019\HmMerge灰度解压叠加\project\windows\Debug\HmMerge.pdb

Imports

kernel32

OutputDebugStringA
IsBadReadPtr
IsBadWritePtr
SetThreadPriority
WaitForSingleObject
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

printf
memmove
malloc
free
_beginthreadex
_endthreadex
_unlock
memcpy
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_CxxThrowException
__CxxFrameHandler3
memset
??3@YAXPAX@Z
sprintf
fopen
fwrite
fflush
fclose
vsprintf
_time64
_localtime64
??2@YAPAXI@Z
__dllonexit

Exports

Exports

HM_CreateHandle
HM_DestroyHandle
HM_EEMerge
HM_GetVersion
HM_HeatVal2RGB
HM_Merge
HM_Muti_Merge
HM_SetMergeStyle

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ec1512186a0363060cc8a56239213ba

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rodata Size: 512B - Virtual size: 368B

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 65KB

.rodata
Size: 512B - Virtual size: 368B

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB