MSVidCtl[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MSVidCtl.dll
Size

2.1MB
MD5

52d809b4a3cfb140f480aa335ce6f1d6
SHA1

f45a717e205b25d566062bb6dcb4db974f275947
SHA256

7f3d5a1cfca29c86139e4114f029628c6ebac0c1f23f3841aa7296462b4bb9e6
SHA512

0a256d02a104ba18de07d0d0bcf215ca337a71d663a0637b41f5728ebfa1698e6585d5c91d3897e0280afa667be8d06ed6fcc413ebeed02266869f0185f8b0c9
SSDEEP

24576:w+aPYQsIzxCBl1BhyVVVc1mJymYF9Vm2N4BimZqg745ncsjt:1vcwoT21mvYFL9+BimZqg745ncm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MSVidCtl.dll

Files

MSVidCtl.dll
.dll regsvr32 windows:10 windows x86 arch:x86

57c9ea60bfab50709b176f1958d22953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MSVidCtl.pdb

Imports

msvcrt

_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memcpy
memcmp
floor
_ftol2_sse
_ftol2
__CxxFrameHandler3
memmove
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
iswalpha
wcsncmp
_wcsicmp
wcscspn
_wsplitpath_s
_ui64tow
_errno
wcstol
wcsstr
iswspace
??8type_info@@QBEHABV0@@Z
wcstoul
_vsnprintf
_wcsnicmp
_vsnwprintf
_itow
_wtoi
iswdigit
_purecall
realloc
wcscat_s
malloc
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memcpy_s
??0exception@@QAE@ABV0@@Z
wcsnlen
free
wcscpy_s
_initterm
memset

ole32

GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoGetMalloc
CoInitializeEx
CoWaitForMultipleHandles
CoUninitialize
ProgIDFromCLSID
StringFromCLSID
OleSaveToStream
WriteClassStm
CreateItemMoniker
StringFromGUID2
CoCreateFreeThreadedMarshaler
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReadClassStm
HDC_UserMarshal
HDC_UserFree
HDC_UserUnmarshal
HDC_UserSize
HWND_UserMarshal
HWND_UserSize
HWND_UserFree
HWND_UserUnmarshal
OleLoadFromStream

oleaut32

OleCreatePictureIndirect
VarCmp
VariantChangeTypeEx
VariantInit
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SafeArrayDestroy
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantClear
OleCreatePropertyFrame
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
SysFreeString
VariantCopy

kernel32

GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
ExpandEnvironmentStringsW
IsProcessorFeaturePresent
DecodePointer
HeapAlloc
EncodePointer
LoadLibraryExA
VirtualFree
HeapFree
WriteFile
OutputDebugStringA
GetTempPathW
GetLocalTime
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount64
GetCurrentProcessId
IsValidLocale
GetDriveTypeW
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
DeviceIoControl
CreateFileW
Sleep
GetLocaleInfoW
SetThreadExecutionState
DecodeSystemPointer
SizeofResource
GetCurrentProcess
DuplicateHandle
RaiseException
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
CreateMutexW
LockResource
LoadResource
FindResourceW
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateEventW
MultiByteToWideChar
FormatMessageW
lstrlenA
OutputDebugStringW
DebugBreak
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
GetModuleHandleW
lstrcpynW
lstrcmpiW
lstrlenW
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
FreeLibrary
EncodeSystemPointer
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
WideCharToMultiByte

user32

GetWindowLongW
SetWindowLongW
FillRect
LoadCursorW
wsprintfW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
CreateWindowExW
EndPaint
UnionRect
OffsetRect
SetWindowRgn
CallWindowProcW
CharNextW
LoadStringW
CharPrevW
wvsprintfW
MsgWaitForMultipleObjectsEx
BeginPaint
TranslateMessage
DispatchMessageW
PostThreadMessageW
IsWindow
CopyRect
MapWindowPoints
EqualRect
ReleaseDC
GetDC
SystemParametersInfoW
GetWindowRect
GetParent
IntersectRect
PostMessageW
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDesktopWindow
InvalidateRect
SetFocus
GetFocus
IsChild
ShowWindow
DestroyAcceleratorTable
LoadImageW
SetCursor
DestroyWindow
SendMessageW
PtInRect
GetClientRect
SetWindowPos
PeekMessageW

advapi32

CryptDestroyHash
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueW
RegQueryValueExW
RegQueryValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptHashData

gdi32

GetDeviceCaps
DeleteDC
CreateCompatibleDC
SelectObject
CreateDIBitmap
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowOrgEx
SaveDC
SetWindowExtEx
CreateMetaFileW
CreateRectRgnIndirect
CreateSolidBrush
DeleteObject

shlwapi

UrlIsW
PathCreateFromUrlW

rpcrt4

NdrCStdStubBuffer_Release
NdrStubForwardingFunction
NdrStubCall2
IUnknown_AddRef_Proxy
NdrOleFree
NdrDllCanUnloadNow
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Invoke
NdrClientCall2
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject

slc

SLGetWindowsInformationDWORD

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57c9ea60bfab50709b176f1958d22953

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ole32

oleaut32

kernel32

user32

advapi32

gdi32

shlwapi

rpcrt4

slc

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 208KB - Virtual size: 210KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 314KB - Virtual size: 314KB

.reloc Size: 172KB - Virtual size: 172KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 208KB - Virtual size: 210KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 314KB - Virtual size: 314KB

.reloc
Size: 172KB - Virtual size: 172KB