mfH265Enc[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

mfH265Enc.dll
Size

1010KB
MD5

bb63f2a265d5e893c5281d1ef80bfa55
SHA1

e2d138c26dbb4a1c42ec17a584a6589219f91f53
SHA256

cd22716d56a32665f90c3a1a40a6faf7ff90876fbf3b4921ac8e8302a2b617d9
SHA512

42ee915c230f3a061ec3e416f4fc7cd16e8cb68c538d635fab4c288d3fe9e08390f3cb5d422fc4b4762c58bf7b85eb54bf712eb82eb55e798655b9ea9749b8ef
SSDEEP

24576:koueHT0ji+BPD6zeWlEBUVUaz1Ajt+qbas:Z/HQe+BPDVVUVv1Aj8qbas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mfH265Enc.dll

Files

mfH265Enc.dll
.dll windows:10 windows x64 arch:x64

a213c91495efdbd418c1e66b9e56568e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfH265Enc.pdb

Imports

api-ms-win-crt-heap-l1-1-0

_callnewh
_free_base
free
_calloc_base
malloc
realloc
calloc

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
SetEvent
EnterCriticalSection
WaitForSingleObject
CreateEventW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformation
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsSetValue
FlsFree
FlsAlloc

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
abort
_cexit

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcsnlen
strcat_s
strcmp
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__acrt_iob_func
fread

api-ms-win-crt-convert-l1-1-0

_strtoui64
atof
atoi

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

powf
sqrt
sqrtf
pow
logf
log
floorf
floor
exp
sin
ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 812KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a213c91495efdbd418c1e66b9e56568e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 809KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 46KB

.pdata Size: 20KB - Virtual size: 18KB

.didat Size: 4KB - Virtual size: 80B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 812KB - Virtual size: 809KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 46KB

.pdata
Size: 20KB - Virtual size: 18KB

.didat
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB