msimg32[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

msimg32.dll
Size

2.6MB
MD5

f0c756cfdbef7ffa13cfda91edb1b8d1
SHA1

9b2dd6c7eb954a2364ef2c2a463d152c6afdb7e1
SHA256

68a144f4924faeadeb110c433d7b7afc5383a4c163704916e3e6c52f20bc449b
SHA512

89f7a367a353e73d2afb574443a595f10acf609e3f3014e1fbcdb8dd356f569676dd657d68a575f99dc171a56d834cf4881db00c9331dfb3d2d15642fed12275
SSDEEP

24576:cs17EV86bow9nnlC3RuHTqThZYe4u+k6neB6VOyxRaW5E4Y1PTNKTC9qIljCh/qv:c6Q0R2KMOydY1PTNmCgqjEea4DcnIz7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msimg32.dll

Files

msimg32.dll
.dll windows:5 windows x86 arch:x86

be18e006c2c29378a0969bf160fa95d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\CodeBlocks\yara-3.6.0\windows\vs2015\libyara\Release\x32\yara.pdb

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom

kernel32

CreateMutexA
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
ReadProcessMemory
TlsFree
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetTimeZoneInformation
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObject
ReleaseMutex
GetCurrentThreadId
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentProcess
OpenProcess
VirtualQueryEx
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
ReadFile
CreateFileA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
SetEnvironmentVariableA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedIncrement
GetProcAddress
SwitchToThread
GetModuleHandleA
FormatMessageW
GetStdHandle
GetFileType
WriteFile
GetLastError
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
ConvertFiberToThread
ConvertThreadToFiber
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
RaiseException
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetACP
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
GetConsoleCP
GetStringTypeW
EncodePointer
DecodePointer

ws2_32

connect
closesocket
bind
accept
WSASetLastError
send
recv
getnameinfo
listen
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
ntohs
getsockopt
getsockname
ioctlsocket
setsockopt
socket
freeaddrinfo

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

Exports

Exports

AlphaBlend
AlphaBlend
yr_compiler_add_string
yr_compiler_create
yr_compiler_define_boolean_variable
yr_compiler_define_float_variable
yr_compiler_define_integer_variable
yr_compiler_define_string_variable
yr_compiler_destroy
yr_compiler_get_current_file_name
yr_compiler_get_error_message
yr_compiler_get_rules
yr_compiler_set_callback
yr_filemap_map
yr_filemap_map_ex
yr_filemap_map_fd
yr_filemap_unmap
yr_filemap_unmap_fd
yr_finalize
yr_finalize_thread
yr_get_configuration
yr_get_tidx
yr_hash_table_add
yr_hash_table_add_raw_key
yr_hash_table_clean
yr_hash_table_create
yr_hash_table_destroy
yr_hash_table_lookup
yr_hash_table_lookup_raw_key
yr_initialize
yr_object_print_data
yr_rules_define_boolean_variable
yr_rules_define_float_variable
yr_rules_define_integer_variable
yr_rules_define_string_variable
yr_rules_destroy
yr_rules_load
yr_rules_load_stream
yr_rules_save
yr_rules_save_stream
yr_rules_scan_fd
yr_rules_scan_file
yr_rules_scan_mem
yr_rules_scan_mem_blocks
yr_rules_scan_proc
yr_set_configuration
yr_set_tidx

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 929KB - Virtual size: 929KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be18e006c2c29378a0969bf160fa95d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ws2_32

crypt32

user32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 374KB - Virtual size: 376KB

.data Size: 22KB - Virtual size: 40KB

.gfids Size: 512B - Virtual size: 4KB

.rsrc Size: 929KB - Virtual size: 929KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 374KB - Virtual size: 376KB

.data
Size: 22KB - Virtual size: 40KB

.gfids
Size: 512B - Virtual size: 4KB

.rsrc
Size: 929KB - Virtual size: 929KB