Microsoft[.]Uev[.]AgentWmi[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

Microsoft.Uev.AgentWmi.dll
Size

1.0MB
MD5

10528ca8bdfd1f0a8031b7643e2ba488
SHA1

2de145bc2cc1cc3dd3598b9034fc8554efb56254
SHA256

b1370e087876367d2190c4e41630f17ff973b963f43e25a55ab93236c6d562ee
SHA512

ca9a7161b459c47d49d5a13ab44d5ff17bc03a780b35d2587899010b4b9ae29503a8f484160b7e829e169e05d77361248310d2eb58d409b6811048523b635fc7
SSDEEP

24576:GX4lEqOyfL/TKcJpDffb4iqosljiodMg+DW9YM0h3a73aEW1HANFr3X+L+qd5an9:GolfybdOD64YKEW1gNFrHud5an9

Score

1^/10

Malware Config

Signatures

Files

Microsoft.Uev.AgentWmi.dll
.dll regsvr32 windows x86

980059678da699cc1242ca1e4d9ce8e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strchr
time
mbstowcs_s
ftell
_wfopen_s
fseek
fread
ferror
feof
_stricmp
_wtoi
strerror
_wcsicmp
_wfsopen
fgetc
fclose
fflush
fputc
_vsnwprintf
setvbuf
__CxxFrameHandler3
??_V@YAXPAX@Z
memcpy_s
wcscpy_s
wcscat_s
_purecall
free
towlower
_fseeki64
fsetpos
ungetc
fgetpos
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_vsnprintf_s
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
ldexp
realloc
abort
__uncaught_exception
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QBEHABV0@@Z
_wcsdup
islower
memset
_ismbblead
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
setlocale
_unlock
_lock
_errno
memmove
memcpy
_CxxThrowException
??0exception@@QAE@XZ
_callnewh
calloc
memmove_s
??0exception@@QAE@ABQBDH@Z
sprintf_s
localeconv
strcspn
?name@type_info@@QBEPBDXZ
ldiv
??0exception@@QAE@ABV0@@Z
swprintf_s
isdigit
fwrite
_wcsnicmp
malloc
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
wcsncpy_s
??3@YAXPAX@Z

user32

CharNextW
UnregisterClassA

kernel32

OpenEventA
FormatMessageA
AreFileApisANSI
CopyFileW
GetCurrentDirectoryW
GetFileAttributesExW
SetFileTime
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
LocalAlloc
GetProcessMitigationPolicy
FindClose
FindNextFileW
FindFirstFileW
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetTempPathW
GetLongPathNameW
lstrlenA
GetExitCodeProcess
SystemTimeToFileTime
OpenProcess
GetFileTime
LocalUnlock
GetFileSize
MoveFileExW
DeleteFileW
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
TlsSetValue
WriteFile
LocalLock
ReadFile
IsDebuggerPresent
DebugBreak
GetProcessHeap
CreateMutexExW
GetLocalTime
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
SetEvent
CloseHandle
WideCharToMultiByte
LocalFree
GetStringTypeW
InitializeCriticalSectionEx
GetLocaleInfoW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
HeapFree
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
WaitForSingleObject
SetLastError
ReleaseSemaphore
ResetEvent
TlsAlloc
TlsGetValue
TlsFree
CreateSemaphoreExW
ProcessIdToSessionId
ExpandEnvironmentStringsW
GetModuleHandleExW
GetModuleFileNameA

ole32

OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoImpersonateClient

oleaut32

SafeArrayGetUBound
VariantInit
VariantChangeType
SysAllocStringByteLen
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayCreateVector
SafeArrayAccessData
VariantClear
UnRegisterTypeLi
LoadTypeLi
SysFreeString
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysAllocStringLen
SysStringByteLen

advapi32

EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegEnumValueW
RegDeleteTreeW
RegQueryValueExW
RegGetValueW
EventWriteTransfer
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventSetInformation
EventRegister
RegDeleteValueW

shell32

SHGetKnownFolderPath

activeds

ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 953KB - Virtual size: 953KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

980059678da699cc1242ca1e4d9ce8e2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

oleaut32

advapi32

shell32

activeds

Exports

Exports

Sections

.text Size: 953KB - Virtual size: 953KB

.data Size: 30KB - Virtual size: 36KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 953KB - Virtual size: 953KB

.data
Size: 30KB - Virtual size: 36KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 54KB - Virtual size: 54KB