MFMediaEngine[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MFMediaEngine.dll
Size

3.5MB
MD5

c16b90a0d9524240817504d0a8376cbe
SHA1

2462541b23169cfd838dce93b285f93d5bdcefd3
SHA256

f605f6822efbe31226eb5cc727ae92c7c3373338206ebc0a32cec66f74d9d34c
SHA512

350ffcf231b76fb4fc56297df672be4f89aa4f8d11224e5658ae301727a7af7444f967ad46dff20b04336e7ff2e4ed54af133e1a9c65e9cf0a7daaa497e747c0
SSDEEP

49152:GGc8pnuf7lD5WFyhB+PYM2wcEUHrDH1C1iUYlh/eNHjNEnHXQ4vBpzROvgYXoEFH:GGM4yuPY+iVHh/elV4vBGcaC/k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MFMediaEngine.dll

Files

MFMediaEngine.dll
.dll windows:10 windows x86 arch:x86

cca57d6f2efd345a4e01a77dd3b19e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFMediaEngine.pdb

Imports

msvcrt

abort
_Wcsftime
_wcsdup
memset
_ismbblead
_vsnprintf
_Gettnames
_Strftime
_Getmonths
isspace
___lc_handle_func
___mb_cur_max_func
setlocale
_unlock
_Getdays
memchr
___lc_collate_cp_func
_lock
memmove
memcpy
_CxxThrowException
_ltoa_s
_i64toa_s
_gcvt_s
memcmp
isalnum
islower
strcspn
localeconv
sprintf_s
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_wtof
wcstoul
isdigit
time
ctime
atoi
wcstombs_s
memmove_s
_W_Gettnames
iswdigit
iswalpha
wcscspn
swscanf
strncmp
strncpy_s
strnlen
wcstod
__mb_cur_max
??0exception@@QAE@ABQBD@Z
_errno
isxdigit
strtol
_strtoui64
_XcptFilter
_strnicmp
_amsg_exit
isalpha
_wtoi
_initterm
__dllonexit
wcsrchr
wcsstr
wcschr
wcspbrk
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_vsnprintf_s
??0exception@@QAE@XZ
_onexit
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
__CxxFrameHandler3
wcscpy_s
swscanf_s
?terminate@@YAXXZ
_wcsicmp
ldexp
_W_Getmonths
__uncaught_exception
__pctype_func
isupper
_W_Getdays
_ui64toa_s
??1type_info@@UAE@XZ
_except_handler4_common
_ftol2_sse
_ultow_s
towlower
tolower
_ltow_s
_ultoa_s
realloc
_wsetlocale
__crtLCMapStringA
_stricmp
isprint
_finite
_isnan
__crtLCMapStringW
calloc
__crtCompareStringA
_vsnwprintf
_wcsnicmp
wcsncmp
qsort
memcpy_s
towupper
wcstok_s
_callnewh
malloc
free
_purecall
__crtCompareStringW
___lc_codepage_func
_ftol2
floor

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
WaitForMultipleObjectsEx
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection
CreateMutexW
SetWaitableTimer
CreateWaitableTimerExW
ReleaseSRWLockExclusive
SetEvent
CreateEventW
WaitForSingleObject
InitializeSRWLock
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
CreateEventExW
ResetEvent
ReleaseMutex
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenProcessToken
TlsGetValue
CreateThread
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
StrToIntW
StrStrW
StrChrW
StrCmpNW
StrSpnW
StrCmpW
StrStrIW
StrTrimW
StrCmpIW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-url-l1-1-0

UrlHashW

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathIsUNCEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

IsCharSpaceW

api-ms-win-core-string-l2-1-0

IsCharAlphaW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetWindowingModel
AppPolicyGetLifecycleManagement

api-ms-win-appmodel-runtime-l1-1-0

PackageIdFromFullName
GetPackagesByPackageFamily
GetCurrentPackageFullName

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

SetFilePointerEx
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

bcrypt

BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rtworkq

RtwqSetLongRunning

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca57d6f2efd345a4e01a77dd3b19e73

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-console-l3-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-power-base-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

xmllite

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-appmodel-runtime-l1-1-2

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-dx-d3dkmt-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-console-l2-2-0

bcrypt

api-ms-win-core-synch-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

rtworkq

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.data Size: 8KB - Virtual size: 13KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 736B

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 225KB - Virtual size: 225KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 736B

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 225KB - Virtual size: 225KB