MsSpellCheckingFacility[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MsSpellCheckingFacility.dll
Size

615KB
MD5

b2e99690fff73ee580efafa0663c2cb6
SHA1

b96eb02ff9b258e84e2bf9812db031bffb4ab90e
SHA256

d345b57355934978a572d5222e7bdb9f2befaae88e2889be5e16c9a767c29892
SHA512

803f5127934196460a17d0fed85acde006f99681e8c5e2cbdc23adf5f6f56c10820a07a982cdd59a5260ea68f7977a84d148100df6ba9ff014850b2f4749254a
SSDEEP

12288:O2NE+49R2kJSP1e8r+dhlzXP9nK0EeksUKXWoleC00fCu:O2NPC2B1e8CFR3IjKXWoleC0o7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MsSpellCheckingFacility.dll

Files

MsSpellCheckingFacility.dll
.dll regsvr32 windows:6 windows x86 arch:x86

704ebbb7fd214bad2e8d20e8deb5e574

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msspellcheckingfacility.pdb

Imports

msvcrt

_amsg_exit
memcmp
___lc_collate_cp_func
__CxxFrameHandler3
setlocale
_CxxThrowException
_callnewh
_resetstkoflw
malloc
calloc
memset
realloc
strchr
_initterm
??0bad_cast@@QAE@ABV0@@Z
memmove_s
memcpy_s
wcschr
toupper
?what@exception@@UBEPBDXZ
_isctype
towupper
iswspace
wcsrchr
swscanf_s
??0exception@@QAE@ABV0@@Z
memmove
??0exception@@QAE@XZ
__pctype_func
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?terminate@@YAXXZ
_lock
_unlock
_XcptFilter
__dllonexit
??3@YAXPAX@Z
___lc_handle_func
___lc_codepage_func
_onexit
_errno
_except_handler4_common
memcpy
_wfopen_s
fclose
fseek
ftell
fread
wcsncmp
wcstombs_s
wcscspn
iswalpha
iswupper
iswlower
wcsstr
towlower
iswdigit
iswxdigit
??1type_info@@UAE@XZ
??1bad_cast@@UAE@XZ
abort
_purecall
wcscat_s
free
wcsncpy_s
wcscpy_s
_vsnwprintf
___mb_cur_max_func
__crtLCMapStringW
__crtCompareStringW
??_V@YAXPAX@Z
tolower
iswctype
_ftol2_sse

oleaut32

VariantClear
SetErrorInfo
CreateErrorInfo
VariantCopy
VarUI4FromStr
SysStringLen
VariantInit
SysFreeString

api-ms-win-core-synch-l1-2-0

CreateEventExW
LeaveCriticalSection
ReleaseSRWLockShared
SetEvent
CreateEventW
InitOnceExecuteOnce
WaitForMultipleObjectsEx
WaitForSingleObject
DeleteCriticalSection
InitializeSRWLock
SleepEx
CreateMutexW
ReleaseMutex
ReleaseSemaphore
OpenSemaphoreW
ReleaseSRWLockExclusive
Sleep
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
GetCurrentThread
OpenThreadToken
InitializeProcThreadAttributeList
TlsAlloc
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
OpenProcess
CreateThread
OpenProcessToken
TlsFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
SizeofResource
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
LoadLibraryExA
LockResource
LoadStringW
GetModuleFileNameW
FindResourceExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadResource
FreeLibrary

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-2-0

RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid

api-ms-win-core-com-l1-1-1

CoRevertToSelf
CoCopyProxy
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoEnableCallCancellation
CoCancelCall
CoDisableCallCancellation
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoImpersonateClient

api-ms-win-core-memory-l1-1-2

CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegNotifyChangeKeyValue

api-ms-win-core-localization-l1-2-1

GetThreadLocale
LCMapStringW
FormatMessageW
SetThreadLocale
LocaleNameToLCID

api-ms-win-core-string-l1-1-0

FoldStringW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-file-l1-2-1

UnlockFile
SetFilePointer
FlushFileBuffers
CreateDirectoryW
SetFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
GetFileSize
FindClose
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
WriteFile
LockFile
ReadFile
FindFirstFileExW
FindNextFileW
CreateFileW
GetFileTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetVersionExW
GetSystemTime

rpcrt4

UuidCreateSequential

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineW
PathStripPathW
PathIsPrefixW
PathAppendW
PathFileExistsW
PathFindNextComponentW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-1

MoveFileW
CreateSemaphoreW
FindResourceW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

user32

PostThreadMessageW
DispatchMessageW
UnregisterClassA
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx

shell32

ord47
SHGetKnownFolderPath

shlwapi

PathIsDirectoryW
SHSetThreadRef
SHGetThreadRef
SHCreateThreadRef
PathIsNetworkPathW

bcp47langs

Bcp47GetDistance
GetUserLanguages

ntdll

RtlWakeAddressAll
RtlWaitOnAddress

normaliz

NormalizeString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

704ebbb7fd214bad2e8d20e8deb5e574

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-heap-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

rpcrt4

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

user32

shell32

shlwapi

bcp47langs

ntdll

normaliz

Exports

Exports

Sections

.text Size: 542KB - Virtual size: 541KB

.data Size: 8KB - Virtual size: 10KB

.idata Size: 9KB - Virtual size: 9KB

minATL Size: 512B - Virtual size: 16B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 542KB - Virtual size: 541KB

.data
Size: 8KB - Virtual size: 10KB

.idata
Size: 9KB - Virtual size: 9KB

minATL
Size: 512B - Virtual size: 16B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 43KB - Virtual size: 43KB