CallButtons[.]ProxyStub[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CallButtons.ProxyStub.dll
Size

13KB
MD5

8eaf7950dffc18d8e14d6aa67ad20a09
SHA1

0069b1a82800969ccaa5980c615524f9674150ac
SHA256

a860f10c27c18a3331d719f817a33da777f110dec4566610516d6cbfc2f5468f
SHA512

a7693de2620833649f5f4823ed191d1c2fa04af031c44c99da05b72f94ec87f4e1dd4b685803698e51d01cc287ba9c4b34abaefe8c9127612a6b4ed14260f60e
SSDEEP

192:WMfBVTPiqjbArOpN32hcgx2ECW9UR5W9yrt:WsrzjD2hcpTW9u5Wy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CallButtons.ProxyStub.dll

Files

CallButtons.ProxyStub.dll
.dll regsvr32 windows:6 windows x86 arch:x86

f3fc456fc8fd5f20a07e95f093f451f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CallButtons.ProxyStub.pdb

Imports

rpcrt4

CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
NdrStubCall2
NdrDllGetClassObject
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal
HSTRING_UserUnmarshal
HSTRING_UserFree
HSTRING_UserSize

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

combase

ord13
ord33
ord11
ord16
ord7
ord14
ord6
ord17
ord32
ord10
ord12
ord5
ord9
ord2
ord20
ord8
ord21
ord34
ord19
ord15
ord18

msvcrt

memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3fc456fc8fd5f20a07e95f093f451f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

combase

msvcrt

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.orpc Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.orpc
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB