MCCSEngineShared[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MCCSEngineShared.dll
Size

137KB
MD5

7998bddca42ab7aa0526f6e2367125e0
SHA1

ed009b9d6e564635630e301a8666f689a6c9d465
SHA256

8c037ca1260c4252b00ef6f530186d1da32801a1ac32b398bc5430b5ebb10858
SHA512

902cc8d69f0d9d89829e7f30b268c7ea44f34248053dcb222d458e6282efd01a32fbe82d375413243d11470fcbc8f98b0731aea1b63bb46436460a7ce55f7010
SSDEEP

3072:dz1I9HgGE60HK6dTgNurpoDDS70nzlmObH/AWW7NGV:fPK6tgNurpoDDS74bfAWW7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MCCSEngineShared.dll

Files

MCCSEngineShared.dll
.dll windows:10 windows x86 arch:x86

57940dcbc36ef3cb1a1f2dd85387517d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MCCSEngineShared.pdb

Imports

msvcrt

calloc
memcpy
_strnicmp
_vsnwprintf
iswdigit
_wcsicmp
wcsrchr
wcstoul
_vsnwprintf_s
wcstok_s
_stricmp
_XcptFilter
wcschr
strchr
_vsnprintf
_vsnprintf_s
__CxxFrameHandler3
wcsstr
?terminate@@YAXXZ
_callnewh
wcsncpy_s
_amsg_exit
malloc
free
_onexit
memmove
_initterm
_except_handler4_common
_errno
memcpy_s
realloc
_lock
_unlock
strtoul
_purecall
__dllonexit
memset

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
VariantInit
VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleW
FindResourceExW
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
GetModuleFileNameA
SizeofResource
FreeLibrary

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

cemapi

IsMessageClassSPlusV2
FreeProws
GetMsgStoreFromMessage
HrGetOneProp
HrSetOneProp
MAPIFreeBuffer

userdatalanguageutil

ConvertToMultiByte
GetMultiLanguage2
ConvertToWideStream
GetNarrowSzCodepage
IsSupportedCodepage
CanConvertStringFromUnicode

userdatatypehelperutil

ReadStreamContent
MapiIdToEmailUdmId
SafeLPWSTR
DupString
CreateTempFileStm
ReplaceChar
FormatPoomIdToString
CompressWhitespaceNW

syncutil

ord109
ord34
ord66
ord23

phoneutil

GetDialableNumber

policymanager

PolicyManager_FreeStringValue
PolicyManager_GetPolicyString

ntdll

RtlQueryWnfStateData
RtlCaptureContext
RtlReportException

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-url-l1-1-0

UrlUnescapeA

Exports

Exports

BuildISO8601String
BuildISO8601StringFromSysTime
CopyMimeAttachmentsToMapi
CreateTemporaryFileStream
DllCanUnloadNow
DllGetClassObject
DownloadToVirtualStream
FindMatchingNameForAddress
GetAccountDomainForAccountAccessor
GetAccountManagedState
GetDataProtectionPropertyForStore
GetDomainFromAccountName
GetDomainNamesForEmailSyncList
GetDplPropertyForStore
GetIStoreForAccountGuid
GetMimeStreamFromMMSMessage
GetMimeStreamFromMessage
GetProtectedDomainList
GetProtectionPolicyState
GetSmProviderInfo
GetSmRecipientType
IsDPLInEffect
IsDomainInDelimitedList
ParseISO8601String
SearchDelimitedList
SetDataProtectionPropertyForStore
SetDplPropertyForStore
SetSmProviderInfo
StringCompareWithWildcard
SyncNormalizePhoneNumber
WriteInputStreamToNetworkStream
WriteMapiBodiesFromMimeReader
WriteMapiBodiesFromMimeStream
WriteMapiBodiesFromMimeStreamEx

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57940dcbc36ef3cb1a1f2dd85387517d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

cemapi

userdatalanguageutil

userdatatypehelperutil

syncutil

phoneutil

policymanager

ntdll

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-url-l1-1-0

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 5KB