SearchFolder[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SearchFolder.dll
Size

311KB
MD5

a0dc844f0763fed8a3065ff004c0e11d
SHA1

63fa61bbb1d881499a6e36192eda5eee3a776c93
SHA256

375727694db47b31cb1436fef30cd53a269b7f104578a64bdc6fb84002410340
SHA512

f717724e666ba7daa2f6926bf2ea86a09765c379cf57d61dea1864d0e6417742d1bab863f55b9aaf9717dd368eb1759e8f2eb3769dd74565633735271aab5a5d
SSDEEP

3072:F2sknD2l+wOMNH/EWGAo4CWEMiWCo3vSFb1cyLce/UeKyOhgnZwztaByjmmlJCpG:5eMNH/ElAVrECsIJQ5qDC6LyaWoH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchFolder.dll

Files

SearchFolder.dll
.dll regsvr32 windows:10 windows x86 arch:x86

b3152d56ebef5fb22fc526f5bc6d95e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SearchFolder.pdb

Imports

msvcrt

_unlock
_initterm
_amsg_exit
_wtoi
memcpy
_XcptFilter
wcschr
_get_errno
_set_errno
malloc
free
memmove
memcpy_s
__dllonexit
_onexit
__CxxFrameHandler3
_except_handler4_common
memcmp
_vsnwprintf
_ftol2_sse
_lock
memset

api-ms-win-shcore-unicodeansi-l1-1-0

SHUnicodeToAnsi
SHAnsiToUnicode

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite

api-ms-win-shcore-registry-l1-1-1

SHQueryValueExW
SHRegGetValueW
SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-stream-l1-1-0

IStream_Read
SHCreateMemStream
IStream_Reset
IStream_Size
IStream_Write
SHCreateStreamOnFileEx

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
SHStrDupA

shcore

ord150
ord142
ord200
ord143
ord193
ord190
ord123
ord130

shell32

SHGetSpecialFolderLocation
SHBindToParent
ord25
ord19
SHCreateShellItemArrayFromIDLists
ord895
ord824
ord51
SHEvaluateSystemCommandTemplate
SHGetNameFromIDList
SHGetKnownFolderIDList
SHCreateItemWithParent
SHGetKnownFolderItem
ord21
ord866
ord6
ord16
ord155
ord18
ord100
SHGetIDListFromObject
ord17
SHBindToObject
SHCreateItemInKnownFolder
ord102
ord850
ord823
SHBindToFolderIDListParentEx
SHGetKnownFolderPath
Shell_GetCachedImageIndexW
ord241
ord75
ord171
SHBindToFolderIDListParent
SHChangeNotify
ord898
ord702
AssocCreateForClasses
SHCreateDefaultContextMenu
ord256
SHCreateItemFromIDList
ord880
ord152
SHCreateShellItemArrayFromShellItem
SHParseDisplayName
SHCreateItemFromParsingName

shlwapi

ord456
StrToIntA
StrStrNIW
StrCmpW
StrStrA
ord156
PathParseIconLocationW
UrlHashW
ord15
PathFileExistsW
ord29
ord331
PathMatchSpecW
StrRChrW
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsRootW
PathCreateFromUrlW
UrlEscapeW
ord2
ord219
StrStrIW
ord158
ord157
PathIsUNCW
UrlCompareW
PathSkipRootW
PathIsURLW
PathFindNextComponentW
PathRemoveExtensionW
PathFindFileNameW
ord388
PathCompactPathExW
ord164
ord154
UrlGetPartW
ord236
StrPBrkW
PathMatchSpecExW
PathGetArgsW
PathRemoveArgsW
PathQuoteSpacesW
StrCmpIW
PathRemoveBlanksW
PathFindExtensionW
StrCmpNIW
ord24
ord172
StrDupW
ord152
UrlIsW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringA
SizeofResource
LoadResource
GetProcAddress
GetModuleFileNameA
LoadLibraryExW
LoadStringW
FindResourceExW

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexW
InitOnceComplete
Sleep
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSRWLockExclusive
InitOnceBeginInitialize
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-1

LCMapStringW
LocaleNameToLCID
GetSystemPreferredUILanguages
ResolveLocaleName
LCMapStringEx
GetSystemDefaultLCID
IsDBCSLeadByte
IsDBCSLeadByteEx
FormatMessageW
FindNLSStringEx
FindNLSString

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-1

CoTaskMemRealloc
StringFromGUID2
PropVariantClear
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
PropVariantCopy
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
GetHGlobalFromStream

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-sysinfo-l1-2-1

GetLocalTime
GetSystemTime
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec
PathCchCombine

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-2-1

GetTempPathW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-core-kernel32-legacy-l1-1-1

GetStringTypeExA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiA
lstrlenA
lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock
GlobalSize

api-ms-win-winrt-search-folder-l1-1-0

CreateSingleVisibleInList
SHCreateSearchIDListFromAutoList
CreateResultSetFactory
SHCreateScopeItemFromIDList
SHCreateTransientVFolderIDList
SHCreateScopeItemFromKnownFolder
CreateDefaultProviderResolver
SEARCH_RemoteLocationsCscStateCache_IsRemoteLocationInCsc
SHCreateScopeItemFromShellItem
GetGatherAdmin
GetScopeFolderType
SHCreateScopeFromShellItemArray
SHCreateAutoList
SEARCH_WriteAutoListContents
SHCreateScope
SHCreateScopeFromIDListsEx
SHCreateAutoListWithID
IsMSSearchEnabled

ntdll

EtwEventEnabled
EtwEventActivityIdControl
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
EtwEventWrite

user32

InsertMenuItemW
CreateMenu
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
GetKeyboardLayout
SendMessageW
GetCursorPos
GetWindowRect
RegisterClipboardFormatW
GetKeyState
DeleteMenu

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

AppendHiddenSearchContext
CDBFolderUI_CreateInstance
CSearchDelegateFolderUI_CreateInstance
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetAggregateQueryError
s_GetStartMenuFilesScope

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3152d56ebef5fb22fc526f5bc6d95e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shcore-registry-l1-1-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

shcore

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-winrt-search-folder-l1-1-0

ntdll

user32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 265KB - Virtual size: 264KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 265KB - Virtual size: 264KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 16KB