msxml6[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

msxml6.dll
Size

1.3MB
MD5

121e2e789be080eb86da71f95b611df2
SHA1

48e0b0e706cbd6006c9c36e6c40d4abe022beebc
SHA256

165c1739dcd0a691e5d6216bf41d0b8da65fa58c56f3a19adb875f6a9025a57c
SHA512

80709d92d5dc9b2f02928f1516ed3ec14d9bcf4c70dcb8b745c03934f92b195dcb7f124bb1f9b61dfa64618687997064ff4b85ca106a146fb7bc3936865a0387
SSDEEP

24576:P7eiLxysMXDHw4Uww+Ql80LT2phTKei5S4FruOOTAf/7wPHWARgFMAy4wZrQEgBY:CoyjzqN2zi5S4wlaNf+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msxml6.dll

Files

msxml6.dll
.dll regsvr32 windows:6 windows x86 arch:x86

23295c343f7cc7bb5d114ea944d4459c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msxml6.pdb

Imports

msvcrt

_except_handler4_common
_XcptFilter
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
memcpy
_wtof
_ftol2_sse
bsearch
memset
memmove
_resetstkoflw
wcsrchr
wcsncmp
_vsnwprintf
ceil
floor
qsort
_CIfmod
_clearfp
_controlfp
_purecall
wcschr
_ftol2

ntdll

ord1

kernel32

FileTimeToSystemTime
LocalFree
DebugBreak
LCMapStringW
WideCharToMultiByte
GetCPInfo
GetUserDefaultLCID
CreateFileW
GetFileType
WriteFile
ReadFile
SetEndOfFile
FlushFileBuffers
CreateThread
FreeLibraryAndExitThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetDateFormatW
GetTimeFormatW
GetThreadLocale
GetTickCount
SystemTimeToFileTime
LocalAlloc
LockResource
SizeofResource
TlsGetValue
GetLastError
OutputDebugStringW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetProcessHeap
CloseHandle
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetVersionExW
TlsAlloc
TlsFree
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
InterlockedExchange
CreateSemaphoreW
CreateEventW
InterlockedExchangeAdd
TryEnterCriticalSection
SwitchToThread
Sleep
VirtualQuery
GetThreadContext
ResumeThread
SuspendThread
SetEvent
ResetEvent
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetModuleHandleW
SetLastError
GetSystemInfo
RaiseException
MultiByteToWideChar
FormatMessageW
LoadLibraryExW
LoadLibraryW
LoadResource
FindResourceW

ole32

CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoCreateFreeThreadedMarshaler
CreateBindCtx
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid

shlwapi

PathCreateFromUrlW
UrlUnescapeW
UrlCreateFromPathW
PathSearchAndQualifyW
PathIsURLW
StrCmpNW
UrlCanonicalizeW
PathIsRelativeW
UrlIsW
UrlGetLocationW
StrToIntW
StrCmpNIW
StrCmpW

oleaut32

SafeArrayUnaccessData
VarFormat
SafeArrayCopy
VariantCopy
SysAllocString
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeTypeEx
VarDateFromUdate
VarParseNumFromStr
VarNumFromParseNum
VarUdateFromDate
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetDim
SafeArrayDestroy
SysAllocStringLen
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
LoadTypeLi

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptCloseAlgorithmProvider

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSetProperty
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23295c343f7cc7bb5d114ea944d4459c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

shlwapi

oleaut32

bcrypt

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 41KB - Virtual size: 48KB

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 41KB - Virtual size: 48KB

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 56KB - Virtual size: 55KB