ieshims[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ieshims.dll
Size

193KB
MD5

4c8452054132700afaef0ea354934333
SHA1

5cf0c1c271bda16bfd3655b9bfa6260899ef33c9
SHA256

1892cd0d6218f1f5883fc259bbfa9326b95a34f902696faa2f18b573feec1cda
SHA512

70e9fee8505ab7e6390930399a3c70d025b704236253b5cc275d278be13bfcaf8c3f41215bbd7e05c3fe0173dbbafd48aa47f690060152fabe7c9323d80c99a6
SSDEEP

3072:KCbYPaorTBb4jD3fQZTMNjz97T76H6mFDo0ZKP133BBUMM:KCbitsvQiNjz9WH1/ZKP1nj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ieshims.dll

Files

ieshims.dll
.dll windows:6 windows x86 arch:x86

44acb5a229b060be26fbcc2f2f1e7e1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
fclose
_wfopen
fputws
calloc
wcsncmp
_vscwprintf
_wcslwr
??1type_info@@UAE@XZ
free
_except_handler4_common
?terminate@@YAXXZ
memmove
_CxxThrowException
_unlock
__dllonexit
_lock
_onexit
wcsspn
memcpy
memset
realloc
__CxxFrameHandler3
malloc
_wcsnicmp
iswspace
towlower
wcstok
wcsstr
wcsrchr
wcspbrk
wcschr
_vsnwprintf
_wcsicmp
iswctype

ntdll

RtlNtStatusToDosError
NtQueryObject

kernel32

LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
EncodePointer
FindFirstFileW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
WaitForSingleObject
TerminateProcess
FindNextFileW
FindClose
DecodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
OutputDebugStringW
OutputDebugStringA
GetModuleHandleA
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
lstrlenW
lstrcmpiW
CopyFileW
CreateDirectoryW
GetFileInformationByHandle
DeviceIoControl
GetCurrentThreadId
GetFileAttributesW
SearchPathW
SetLastError
LocalAlloc
GetModuleFileNameW
VirtualQuery
LocalFree
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetProcAddress
HeapFree
GetProcessHeap
InterlockedDecrement
HeapAlloc
InterlockedIncrement
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleHandleExW
GetCurrentProcessId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CloseHandle
WaitForSingleObjectEx
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetProcessId
CreateFileW
GetFileSizeEx
SetFileAttributesW

shlwapi

PathFindFileNameW
StrDupW
PathSkipRootW
ord437
ord158
ord156
ord157
ord152
SHRegGetValueW
PathIsUNCW
PathGetArgsW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

advapi32

RegCloseKey
RegQueryValueW
RegOpenKeyExW
DecryptFileW
EncryptFileW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW

iertutil

ord50
ord170
ord45
ord305
ord58

shell32

ShellExecuteExW
SHGetFolderPathW

user32

GetClassNameW
GetForegroundWindow
GetWindowThreadProcessId
GetPropW
AllowSetForegroundWindow
GetGUIThreadInfo

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44acb5a229b060be26fbcc2f2f1e7e1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

shlwapi

ole32

oleaut32

advapi32

iertutil

shell32

user32

Exports

Exports

Sections

.text Size: 173KB - Virtual size: 172KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 173KB - Virtual size: 172KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB