dmocx[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dmocx.dll
Size

50KB
MD5

4f687240296c51973113284622ccd3b1
SHA1

db998ca4fa30236a26b4441a9c027f0448f56f97
SHA256

89806ff656fa9e77ec02a2641142c5e7365e3cb01ae9850bd4fe159779df92a2
SHA512

48421e535929656c180792507df0ffe2644b1c9b75a0c252a7c33f08143a8636190625095acee7cd870294bb1b169c0c527e8afcf49b3454d1fa361c788cb685
SSDEEP

768:wFeOOwuAUFn5Zra/MTvdagU8WWqLc/SBtub3dMZk:yeODih5ZnTvdah8WWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmocx.dll

Files

dmocx.dll
.dll regsvr32 windows:6 windows x64 arch:x64

de7ab1050b2942531e33fb5f77962266

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmocx.pdb

Imports

mfc42u

ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord6440
ord4365
ord1778
ord5663
ord5586
ord4694
ord5712
ord4017
ord5229
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord493
ord971
ord6886
ord1875
ord4276
ord2754
ord2757
ord2756
ord4573
ord2488
ord2712
ord1473
ord1510
ord1527
ord455
ord949
ord4209
ord2550
ord2546
ord5353
ord4609
ord4853
ord4808
ord5106
ord5473
ord2393
ord4752
ord6175
ord4985
ord4372
ord3165
ord3053
ord4816
ord3363
ord3244
ord3050
ord6807
ord2398
ord3020
ord4895
ord3537
ord2491
ord5385
ord3534
ord4761
ord5416
ord4962
ord4754
ord5110
ord5113
ord5111
ord4697
ord4702
ord4713
ord4941
ord5475
ord4997
ord4998
ord5011
ord5157
ord4695
ord5004
ord5017
ord5434
ord5056
ord5010
ord5031
ord5032
ord5033
ord5307
ord5308
ord5024
ord5339
ord5334
ord5329
ord5395
ord4951
ord4874
ord4904
ord5302
ord5012
ord5143
ord5025
ord5026
ord5978
ord3069
ord2917
ord5074
ord5072
ord5572
ord4121
ord3019
ord5629
ord1964
ord2159
ord6380
ord5322
ord5248
ord2181
ord6011
ord5000
ord5054
ord4683
ord1345
ord5946
ord1701
ord2450
ord3692
ord3850
ord3484
ord3384
ord5868
ord4822
ord6800
ord3447
ord6799
ord1427
ord1426
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3837
ord1530
ord6787
ord2408
ord1463
ord1517
ord287
ord2751
ord4213
ord1063
ord659
ord5399
ord6887

msvcrt

__CxxFrameHandler3
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset

kernel32

LocalFree
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc

user32

ClientToScreen
GetKeyState
GetMessagePos
InvalidateRect
ScreenToClient
SendMessageW
EnableWindow
SetProcessDPIAware

oleaut32

LoadRegTypeLi

oleacc

LresultFromObject
CreateStdAccessibleProxyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de7ab1050b2942531e33fb5f77962266

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

kernel32

user32

oleaut32

oleacc

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 11KB

.pdata Size: 1024B - Virtual size: 984B

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 580B

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 11KB

.pdata
Size: 1024B - Virtual size: 984B

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 580B