IasMigPlugin[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

IasMigPlugin.dll
Size

495KB
MD5

39e000265246a5357d85fdb272673fa0
SHA1

7137c00b19c97f36a0b934a8d8cc4008e9a1f0ee
SHA256

82d05f98fed4b473165a1388ccbbcfb002225fd14e19dbfb2c2d7fbe3d1506dc
SHA512

dd3e6aed5c6fb1bf4545a650a8af6df37ec525b85344555e815ef630e758ab81f3008d8dfb74d1153bc00d3fcd87cc7407b77dbb91efe2e84ff66cd5aa098114
SSDEEP

6144:6Bsw8VQ7w3qrrrutJTwpDPmgx5ude0Hr/BlkhZ7uXPlnO:6BlFrrruTOrmgx5E9PA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IasMigPlugin.dll

Files

IasMigPlugin.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c4c128fd88142fbcf92887f92aa21c8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

IasMigPlugin.pdb

Imports

msvcrt

??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
free
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
realloc
??1type_info@@UAE@XZ
memset
__CxxFrameHandler
_itoa
_errno
_callnewh
wctomb
_strnicmp
fgetwc
??0exception@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
___mb_cur_max_func
fgetc
fputwc
ferror
wcstol
fwrite
fseek
fgetpos
fsetpos
setvbuf
fflush
fclose
setlocale
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
__crtLCMapStringA
_strtoi64
_strtoui64
memchr
strcspn
memcmp
__crtGetStringTypeW
__crtLCMapStringW
_wfsopen
abort
islower
_Gettnames
_Getdays
_Getmonths
_Strftime
tolower
___lc_collate_cp_func
__crtCompareStringA
__crtCompareStringW
isalnum
_snprintf
_iob
__mb_cur_max
mbtowc
localeconv
_fileno
isleadbyte
isspace
isdigit
memmove
memcpy
_wcsupr
_purecall
wcsrchr
_resetstkoflw
malloc
calloc
_onexit
__badioinfo
__pioinfo
_isatty
_write
_lseeki64
ungetc
_unlock
ungetwc
_lock
__dllonexit
_wtol
_wcsicmp

ntdll

RtlFreeHeap
RtlUnwind
RtlImageNtHeader
RtlAllocateHeap

kernel32

GetLocaleInfoA
lstrlenA
SwitchToThread
TryEnterCriticalSection
FindResourceW
LoadLibraryExW
LocalAlloc
ExpandEnvironmentStringsW
GetComputerNameExW
VirtualQuery
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
lstrcmpiA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
IsDBCSLeadByte
RaiseException
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LockResource
CreateFileW
CloseHandle
FindFirstFileW
CopyFileW
FindClose
FindNextFileW
GetModuleFileNameW
LoadLibraryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
DeleteFileW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerA
QueryServiceStatusEx
CloseServiceHandle
OpenServiceA
TraceMessage
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstanceEx
OleRun
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromCLSID
CoCreateInstance
StringFromGUID2

oleaut32

VariantCopy
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayCreate
VarUI4FromStr
SysFreeString
VariantChangeType
VariantInit
GetErrorInfo
VariantClear
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi

user32

CharNextA
UnregisterClassA

shell32

SHGetFileInfoA

rpcrt4

UuidCreate

rtutils

TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4c128fd88142fbcf92887f92aa21c8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

ole32

oleaut32

user32

shell32

rpcrt4

rtutils

Exports

Exports

Sections

.text Size: 214KB - Virtual size: 213KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 250KB - Virtual size: 250KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 214KB - Virtual size: 213KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 250KB - Virtual size: 250KB

.reloc
Size: 22KB - Virtual size: 22KB