Microsoft[.]Uev[.]Office2013CustomActions[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Uev.Office2013CustomActions.dll
Size

513KB
MD5

6b23815b22e98dc52a0c1f9a1e8dc137
SHA1

08bbd9bce75214c6941e0c104c137b7edc1b9346
SHA256

faa632e75ef1d8531f28f2482c3fa981b863897f53ee98f9952b4de0962578ca
SHA512

e765be94aeffba31c9263bdf1ba75d0530090a4d33484b465a558c42830bb9827fc59280652e017cc0c523b167461494cfe5c14f45a30eb45b730bbcbd08b86a
SSDEEP

12288:BXWWRItU/jdEmGa/adiZhlnnYV5EhNNkOHI6/kH:dFR9/JEmGa/aduhlnMEOOHI6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Uev.Office2013CustomActions.dll

Files

Microsoft.Uev.Office2013CustomActions.dll
.dll regsvr32 windows:10 windows x86 arch:x86

87e228e626f376f82aa5ca49cd90f0b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.Office2013CustomActions.pdb

Imports

msvcrt

_fseeki64
ldiv
?name@type_info@@QBEPBDXZ
strerror
fseek
_wfsopen
ungetc
__CxxFrameHandler3
??_V@YAXPAX@Z
_purecall
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
fgetc
fflush
fputc
_vsnprintf_s
fwrite
fclose
_vsnwprintf
setvbuf
fsetpos
fgetpos
_stricmp
calloc
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
ldexp
realloc
abort
_free_locale
_get_current_locale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QBEHABV0@@Z
_wcsdup
islower
memset
_ismbblead
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
setlocale
_unlock
_lock
_errno
memmove
memcpy
_CxxThrowException
strcspn
??0exception@@QAE@ABQBDH@Z
_callnewh
_wcsicmp
wcsncpy_s
malloc
_wcsnicmp
wcscat_s
wcscpy_s
memcpy_s
sprintf_s
free
localeconv
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??3@YAXPAX@Z

user32

CharNextW
UnregisterClassA

kernel32

OpenSemaphoreW
LocalLock
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
DeviceIoControl
GetUserDefaultLCID
GetSystemInfo
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
IsDebuggerPresent
LocalUnlock
DebugBreak
GetProcessHeap
LocalFree
CreateMutexExW
HeapAlloc
GetModuleFileNameA
OutputDebugStringW
FormatMessageW
ReleaseMutex
WaitForSingleObject
GetModuleFileNameW
MultiByteToWideChar
GetLastError
SizeofResource
SetThreadLocale
EnterCriticalSection
GetThreadLocale
LeaveCriticalSection
RaiseException
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
WaitForSingleObjectEx
CreateEventA
InitializeCriticalSection
SetEvent
CloseHandle
GetLocalTime
DeleteCriticalSection
SystemTimeToFileTime
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
GetLocaleInfoW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

ole32

CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayUnaccessData
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
RegisterTypeLi
SafeArrayAccessData
UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreateEx
GetRecordInfoFromTypeInfo
SafeArrayRedim
SysAllocStringLen
VariantInit

advapi32

EventRegister
RegOpenKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegEnumValueW
EventWriteTransfer
RegGetValueW
RegDeleteValueW
EventSetInformation
EventUnregister
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

mapi32

ord19
ord75
ord23
ord11
ord21
ord140

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

shell32

SHGetKnownFolderPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e228e626f376f82aa5ca49cd90f0b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

ole32

oleaut32

advapi32

mapi32

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

shell32

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 450KB

.data Size: 20KB - Virtual size: 23KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 450KB - Virtual size: 450KB

.data
Size: 20KB - Virtual size: 23KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 25KB - Virtual size: 24KB