msimg32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
msimg32.dll
Resource
win10v2004-20240802-en
General
Target: msimg32.dll
Size: 8KB
MD5: 123191c6fccd0f1a94f55dee608b194b
SHA1: 0e10d601bc5f16d612401d1fc3190b48020a898f
SHA256: c20bc3feb9614cb3ad82a89c2fc5bcc746b45127887aaada6d2fc6f4d7bd5f6a
SHA512: 717320af0c3d0f2205f10f89fe9f39658705dcead879c254a524b9eb457bc8ca26b21b8e262c6b7d2b234b45e05d5895de81810409803ffe25f6fdea33244c1a
SSDEEP: 96:PHKX1jkQCkcVBdi/oUw4WEPx9h+Q8L/ybGxwx8a2uFMLY0g:PqFzm0/vPPx9f8zmGxwx2uJp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource msimg32.dll
Files
msimg32.dll.dll windows:5 windows x64 arch:x64
733a914a9919d0bca8e1634b1a240157
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtProtectVirtualMemory
kernel32
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
DisableThreadLibraryCalls
GetCurrentProcessId
GetCommandLineW
GetModuleHandleA
GetProcAddress
CreateThread
gdi32
GetDeviceCaps
GetObjectA
GetCurrentObject
GdiAlphaBlend
GdiGradientFill
GdiTransparentBlt
GetObjectType
Exports
AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ