Windows[.]Media[.]SpeechSynthesis[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Media.SpeechSynthesis.dll
Size

161KB
MD5

bd6e1448551303a4809cb1283beded2b
SHA1

a16f4b4337db5042b321372df834cd76485b93ca
SHA256

02dcb98060abca9be485898a97bb6acecd14015b8218444139958c9c35578cf6
SHA512

d0326936b976c2c1c3d63cbb029c31ec6132805438fd94870004b919d9d0ff051156027a91968432c4a962f4f310906a976bb91f0eeceb32254cdd32316f5b48
SSDEEP

3072:ipGI3w8rnSeAE/WahmFZDFduIuCyru17yC/OwVADrxHnfvxV4Qu9ULU:iQPZ5Aiya1DO5rJf9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Media.SpeechSynthesis.dll

Files

Windows.Media.SpeechSynthesis.dll
.dll windows:6 windows x86 arch:x86

addbb0bcac0528a6a470bef378954974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.SpeechSynthesis.pdb

Imports

msvcrt

??_V@YAXPAX@Z
_purecall
_XcptFilter
_amsg_exit
free
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
memmove
_vsnwprintf
_wcsicmp
_wcsnicmp
memmove_s
realloc
strchr
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
wcstol
memcpy_s
wcsncpy_s
memset
calloc
_CxxThrowException
??0exception@@QAE@XZ
setlocale
memcpy
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
__crtLCMapStringW
___lc_collate_cp_func
__crtCompareStringW
memcmp
abort
??1type_info@@UAE@XZ
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
malloc
??3@YAXPAX@Z

ntdll

WinSqmAddToStreamEx

kernel32

DeleteCriticalSection
GetFileAttributesW
WaitForSingleObject
SetEvent
FindResourceExW
OutputDebugStringA
GetStringTypeW
WideCharToMultiByte
LoadResource
SizeofResource
lstrcmpiW
EncodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
DisableThreadLibraryCalls
DecodePointer
AcquireSRWLockShared
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CompareStringEx
RaiseException
InitializeSRWLock
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InitializeCriticalSectionEx
GetModuleHandleW
GetCurrentPackageFullName
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
InitializeCriticalSection
GetTickCount64
InitOnceExecuteOnce
OpenProcess
CloseHandle
LCIDToLocaleName
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
CreateEventW
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
GetFileInformationByHandle
DuplicateHandle
LoadLibraryExW

urlmon

URLOpenBlockingStreamW
CoInternetParseUrl

user32

CharNextW
UnregisterClassA

api-ms-win-core-com-l1-1-1

CoReleaseMarshalData
CoCopyProxy
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
RoGetAgileReference
CoSetProxyBlanket
CoGetApartmentType
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringLen
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
GetRestrictedErrorInfo
RoOriginateError
IsErrorPropagationEnabled
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoGetMatchingRestrictedErrorInfo

oleaut32

VariantInit
VarUI4FromStr
VariantClear
SysAllocString
LoadRegTypeLi
SysStringLen
LoadTypeLi
SysFreeString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

addbb0bcac0528a6a470bef378954974

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

urlmon

user32

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

minATL Size: 512B - Virtual size: 20B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

minATL
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB