MrmIndexer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MrmIndexer.dll
Size

603KB
MD5

352e769fa86ecd9ca95c560b3b7d9ff8
SHA1

9e843fd95e3ee9d8b2e056d5376de9d87dbfbba4
SHA256

e1aaa403b4495a1668a1188dd50a14ca31f5f65440d6730fba6814f6efc4cc21
SHA512

951929fb93ef8a5b536b1d951ae6eedceddbc42b08ab4aeaa5b37f68078543728880d641cc969a18165f789de57a014baa3812324a8d3a31f0f921eb62abcf89
SSDEEP

12288:QWe/29yGuU3p5czm9TeKueOm1L4D0Hu3HgjUacqYj5NGtTh:QWe/9GuU3pO69TeKu64Su3AjUac5wt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MrmIndexer.dll

Files

MrmIndexer.dll
.dll windows:10 windows x86 arch:x86

b9c42b192be2b4b3e4dc8e5622430076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MrmIndexer.pdb

Imports

msvcrt

__CxxFrameHandler3
memmove
_except_handler4_common
free
malloc
towlower
_wtoi
wcscpy_s
_vscwprintf_l
vswprintf_s
wcschr
wcsnlen
wcsncmp
_wfopen
realloc
_errno
fclose
_wcsnicmp
wcsstr
iswdigit
wcscspn
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
strcspn
_callnewh
sprintf_s
_fileno
fread
_filelengthi64
wprintf
_wtof
isalpha
isxdigit
strtol
isdigit
wcsrchr
iswctype
towupper
iswalnum
iswspace
qsort_s
_ui64tow_s
wcsncpy_s
bsearch
wcstoul
toupper
__pctype_func
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
__crtGetStringTypeW
__crtLCMapStringW
___mb_cur_max_func
abort
__uncaught_exception
_CxxThrowException
_XcptFilter
_amsg_exit
??1type_info@@UAE@XZ
_onexit
_initterm
_wcsicmp
_unlock
??0exception@@QAE@ABQBD@Z
__dllonexit
localeconv
_lock
?what@exception@@UBEPBDXZ
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
fgetwc
memcpy
_purecall
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
memcmp
vwprintf_s
wprintf_s
_ftol2
_ftol2_sse
memchr
memset

bcp47mrm

GetCompositeRegionCode
GetDistanceOfClosestLanguageInList
IsWellFormedTag
GetParentCompositeRegionCode
CompareBcp47Tags
GetClosenessOfUnIsoRegionTags
IsValidUnIsoRegionTag
FormatLanguageTag
IsValidTag

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
SetEvent
EnterCriticalSection
CreateMutexExW
InitializeSRWLock
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSection
CreateEventExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CoMarshalInterface

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessAllowedAceEx
EqualSid
GetTokenInformation
GetLengthSid
FreeSid
GetAce

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
GetFileAttributesExW
FindNextFileW
ReadFile
GetFileAttributesW
CreateDirectoryW
GetDriveTypeW
FlushFileBuffers
CompareFileTime
GetFileSizeEx
FindFirstFileW
GetFinalPathNameByHandleW
DeleteFileW
WriteFile
FindClose

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRelativePathToW
PathIsRelativeW
PathRemoveBackslashW
PathFileExistsW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-file-l1-2-0

GetTempPathW

oleaut32

VariantClear
SysStringByteLen
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
SysAllocStringByteLen
SysStringLen

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlPublishWnfStateData

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9c42b192be2b4b3e4dc8e5622430076

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

bcp47mrm

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-file-l1-2-0

oleaut32

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-timezone-l1-1-0

rpcrt4

api-ms-win-core-heap-l2-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 559KB - Virtual size: 559KB

.data Size: 4KB - Virtual size: 6KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 559KB - Virtual size: 559KB

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 27KB - Virtual size: 27KB