LanguageOverlayUtil[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

LanguageOverlayUtil.dll
Size

186KB
MD5

6855bdf934ab453ce8d45ccd89734b7d
SHA1

4516d4875c9dd0d5c8a2ce3f7d9d6b0c0c4af441
SHA256

59c847f26d15e6631bd59995dea751480bde6895d3d03dc139cbde83ce971beb
SHA512

7080ba7dacb1ef741606b766559f3ddd2ed750842d1c02598b10cc55fadfc01f76be6fc03cd22849fc850a12ed64a904f67d4b2785ed0b26190c50407387b7a6
SSDEEP

3072:0dL5ga/qeqUJhvAr3lq/7LjieeAGIvZr4pvjbzWdyhtWFovWYqJuyuffrme:Egg7bvAry7Lj5hGsr4xvpeGWYq0h9

Score

1^/10

Malware Config

Signatures

Files

LanguageOverlayUtil.dll
.dll windows:10 windows x86 arch:x86

81bf3a668872ed04fcc595cfc2804dc6

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:31:8b:1e:d8:ff:f5:21:b4:7f:3c:b7:95:c7:e4:c5:4c:77:3d:59:c3:82:ba:71:0b:2f:c7:c6:9d:c2:c4:d9
Signer

Actual PE Digest

b5:31:8b:1e:d8:ff:f5:21:b4:7f:3c:b7:95:c7:e4:c5:4c:77:3d:59:c3:82:ba:71:0b:2f:c7:c6:9d:c2:c4:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

LanguageOverlayUtil.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
__std_terminate
_o___stdio_common_vsprintf_s
memmove
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o_ceil
_o_free
_o_malloc
_o_realloc
_o_toupper
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstol
_o_wcstoul
_except_handler4_common
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
wcsstr
_o___stdio_common_vswprintf
memcmp
memcpy
_CxxThrowException
strchr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventProviderEnabled
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1_Locinfo@std@@QAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
_Wcsxfrm
?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
??0_Locinfo@std@@QAE@PBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xlength_error@std@@YAXPBD@Z
_Wcscoll
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z

kernelbase

GetSystemDefaultUILanguage
NotifyRedirectedStringChange
ResolveDelayLoadedAPI
EnumUILanguagesW
GetUserDefaultUILanguage

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteTreeW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCopyTreeW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

VariantInit

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlpSetPreferredUILanguages
RtlLCIDToCultureName
RtlLocaleNameToLcid
RtlIsStateSeparationEnabled
RtlConvertLCIDToString
NtQueryValueKey
NtOpenKey
RtlFreeHeap
RtlGetNtSystemRoot
NtClose
RtlQueryEnvironmentVariable_U
RtlInitUnicodeString
NtGetMUIRegistryInfo
RtlGetThreadPreferredUILanguages
RtlGetPersistedStateLocation
RtlAppendUnicodeToString
RtlAllocateHeap
LdrStandardizeSystemPath

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

AddLanguageToMachineLanguageList
CloseOverlayPaths
DeleteLanguageInstallationRequest
DeleteLanguageInstallationState
EnumOverlayPaths
EnumerateInstalledLanguageFeatures
EnumerateInstalledLanguages
EnumerateInstalledLocalExperiencePacks
EnumerateInstalledMachineLanguagePacks
EnumerateQueuedLanguageInstallations
EnumerateSupportedUILanguages
FetchLanguageOverlayPackageForFirstLogon
GetBcp47TagFromPackageFamilyName
GetLanguageDataForLogging
GetLanguageInstallationState
GetLanguageOverlayPackageFamilyName
GetLanguagesInUse
GetLanguagesNotInUse
GetOverlayFilePath
GetSystemPreferredUILanguage
GetWindowsUpdateServer
GroupUserLanguages
InvalidateLanguageResourceCaches
IsGroupingUserLanguagesNeeded
IsLegacyLanguagePackInstalledForLanguage
IsLocalExperiencePackReadyForRemoval
OnMachineUILanguageInit
OnMachineUILanguageSwitch
OpenOverlayPaths
OverlaySetPreferredUILanguages
RemoveLanguageFromMachineLanguageList
SetLanguageInstallationState
SetSystemPreferredUILanguage
StartLanguageInstallation
StartLanguageUninstallation

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81bf3a668872ed04fcc595cfc2804dc6

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b5:31:8b:1e:d8:ff:f5:21:b4:7f:3c:b7:95:c7:e4:c5:4c:77:3d:59:c3:82:ba:71:0b:2f:c7:c6:9d:c2:c4:d9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

msvcp_win

kernelbase

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

oleaut32

api-ms-win-core-delayload-l1-1-0

ntdll

api-ms-win-core-registry-l1-1-1

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

Exports

Exports

Sections

.text Size: 154KB - Virtual size: 153KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 200B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b5:31:8b:1e:d8:ff:f5:21:b4:7f:3c:b7:95:c7:e4:c5:4c:77:3d:59:c3:82:ba:71:0b:2f:c7:c6:9d:c2:c4:d9
Signer

.text
Size: 154KB - Virtual size: 153KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 200B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB