Windows[.]Web[.]Http[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

Windows.Web.Http.dll
Size

744KB
MD5

15c4bbfda91287f7deee8c60478c8b6f
SHA1

49437409741615f5fc64baeb140aef178b770448
SHA256

62a98d2abb9d986e3d2488b1cdeca271ae21b03fce1bd66c9bcba46120d68898
SHA512

4e9b4f742ba9ee419d90d088f3944100d25349713b7f9b4e041a3cfe1382819c3c67c3ce4e423ee6aa1d20379c37705799884c016eaf73ded0850601509fdd84
SSDEEP

6144:IllN4f5MZXapxevRbmEv6ob1qsEQ/kEnYEdD3qKWvqeGESV4G5zI:Nf5M1eYRyob1qJQ/kEnYK3qKWCe4VF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Web.Http.dll

Files

Windows.Web.Http.dll
.dll regsvr32 windows:6 windows x86 arch:x86

d0daa85ddbb834a696c8c0e4d834fd95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Web.Http.pdb

Imports

msvcrt

_initterm
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
_amsg_exit
memcpy
memcmp
swscanf_s
_XcptFilter
_ultow_s
_itow_s
wcschr
iswalnum
swprintf_s
realloc
iswdigit
??3@YAXPAX@Z
free
malloc
memmove_s
_wcsicmp
??2@YAPAXI@Z
_purecall
__CxxFrameHandler3
_ftol2
memset

ntdll

RtlUpcaseUnicodeChar

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstring
WindowsConcatString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringLen
HSTRING_UserFree
WindowsDuplicateString
WindowsGetStringRawBuffer
HSTRING_UserSize
HSTRING_UserMarshal
WindowsReplaceString
HSTRING_UserUnmarshal
WindowsCreateString

api-ms-win-core-com-l1-1-1

CoDecrementMTAUsage
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoCreateGuid
RoGetAgileReference
CoIncrementMTAUsage
GetHGlobalFromStream
CoTaskMemAlloc
CoCopyProxy
CoSetProxyBlanket
CoCreateInstance
CoMarshalInterface

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
OpenProcess
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
WakeAllConditionVariable
InitOnceInitialize
WaitForSingleObject
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
InitializeCriticalSection
InitializeSRWLock
InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-security-base-l1-2-0

RevertToSelf
ImpersonateSelf
GetTokenInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
CompareStringW

rpcrt4

NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
CStdStubBuffer_DebugServerQueryInterface
NdrOleAllocate
UuidToStringW
CStdStubBuffer_CountRefs
RpcStringFreeW
NdrStubCall2
IUnknown_Release_Proxy
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Connect

crypt32

CertFreeCertificateChain
CertCreateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LoadStringW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
GlobalFree
GlobalHandle
GlobalUnlock
GlobalLock

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

combase

ord18
ord15
ord21
ord20
ord23
ord17
ord14
ord22
ord24
ord19
ord33
ord11
ord16
ord13
ord2
ord7
ord6
ord34
ord9
ord5
ord32
ord10
ord8
ord12

api-ms-win-core-localization-l1-2-1

FormatMessageW

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
FreeLibraryWhenCallbackReturns
SetThreadpoolWait
TrySubmitThreadpoolCallback
CreateThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0daa85ddbb834a696c8c0e4d834fd95

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-string-l1-1-0

rpcrt4

crypt32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

combase

api-ms-win-core-localization-l1-2-1

oleaut32

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 618KB - Virtual size: 617KB

.orpc Size: 1KB - Virtual size: 1KB

.data Size: 10KB - Virtual size: 11KB

.idata Size: 7KB - Virtual size: 6KB

minATL Size: 512B - Virtual size: 132B

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 618KB - Virtual size: 617KB

.orpc
Size: 1KB - Virtual size: 1KB

.data
Size: 10KB - Virtual size: 11KB

.idata
Size: 7KB - Virtual size: 6KB

minATL
Size: 512B - Virtual size: 132B

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 92KB - Virtual size: 92KB