Windows[.]Globalization[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Globalization.dll
Size

784KB
MD5

1f288d2aa7a2635c69df973327e0a442
SHA1

9edf9f7badfcf49bc2994053dddde34d2c930119
SHA256

c17c012a5d2485ab89597aae6d1ed3f1953c4eb1fa8bf9380dc41981dd871eed
SHA512

b7243feb3987151249d0fe28d998c059e1b6cf0f257452c12e4ab6ce4501e5ae2fd0ee48c11982321a9eefa511023b0b14b18d51d5536aacb9d637189ee3af58
SSDEEP

24576:CCmd243pfruWe7QnQ7Q7QbQ+88k7QK7QXSx7QnQnQ7QHQ7Q2bQz1pbQ7lbQnQLS8:a3FuF5fPAAN03PpMJRMTUpMXa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Globalization.dll

Files

Windows.Globalization.dll
.dll windows:6 windows x86 arch:x86

4eb92dbee111fcfa827f2090c603af07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Globalization.pdb

Imports

msvcrt

_CxxThrowException
__CxxFrameHandler3
memcpy
setlocale
_lock
memset
_unlock
___lc_collate_cp_func
memcmp
__pctype_func
_ismbblead
___lc_codepage_func
calloc
_callnewh
__uncaught_exception
_wcsdup
??8type_info@@QBEHABV0@@Z
__crtCompareStringW
___lc_handle_func
___mb_cur_max_func
wcstod
__crtLCMapStringW
modf
_get_current_locale
_free_locale
ceil
abort
??0exception@@QAE@XZ
_ecvt_s
??0exception@@QAE@ABQBDH@Z
??3@YAXPAX@Z
_ftol2_sse
_ftol2
_CIlog10
_CIfmod
wcstol
_errno
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
realloc
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??_V@YAXPAX@Z
strchr
malloc
free
memmove
memmove_s
floor

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCompareStringOrdinal
HSTRING_UserFree
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
WindowsCreateStringReference
WindowsGetStringLen
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
InitializeSRWLock
InitOnceInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-1

CoCreateInstance
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-localization-l1-2-1

ResolveLocaleName
EnumSystemGeoID
GetUserGeoID
GetGeoInfoW
GetUserDefaultLocaleName
GetLocaleInfoEx
FormatMessageW
IsValidLocaleName
EnumSystemLocalesEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformationEffectiveYears
GetTimeZoneInformationForYear
EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformation
GetTimeZoneInformation

api-ms-win-core-path-l1-1-0

PathCchAppend

rpcrt4

NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrOleAllocate
CStdStubBuffer_CountRefs
NdrStubCall2
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
CStdStubBuffer_Connect
CStdStubBuffer_AddRef

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-localization-obsolete-l1-2-0

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

RaiseFailFastException

api-ms-win-core-localization-l2-1-0

EnumTimeFormatsEx
EnumCalendarInfoExEx

api-ms-win-core-normalization-l1-1-0

GetStringScripts

ntdll

RtlQueryWnfStateData
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
ord1

combase

ord10
ord12
ord32
ord5
ord9
ord2
ord6
ord14
ord7
ord20
ord8
ord21
ord34
ord19
ord16
ord11
ord22
ord33
ord13
ord15
ord18
ord17

bcp47langs

GetApplicationLanguageOverride
Bcp47Normalize
Bcp47GetExtensionSubstring
Bcp47GetIsoScriptCode
GetUserLanguages
ClearApplicationLanguageOverride
SetApplicationLanguageOverride
GetApplicationManifestLanguages
Bcp47IsWellFormed
GetApplicationLanguages
ResolveLanguages
Bcp47GetDistance

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 710KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 523B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4eb92dbee111fcfa827f2090c603af07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-path-l1-1-0

rpcrt4

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-localization-l2-1-0

api-ms-win-core-normalization-l1-1-0

ntdll

combase

bcp47langs

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 710KB - Virtual size: 709KB

.orpc Size: 1024B - Virtual size: 523B

.data Size: 11KB - Virtual size: 10KB

.idata Size: 7KB - Virtual size: 7KB

minATL Size: 512B - Virtual size: 96B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 710KB - Virtual size: 709KB

.orpc
Size: 1024B - Virtual size: 523B

.data
Size: 11KB - Virtual size: 10KB

.idata
Size: 7KB - Virtual size: 7KB

minATL
Size: 512B - Virtual size: 96B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 44KB - Virtual size: 44KB