devenum[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

devenum.dll
Size

701KB
MD5

bff650bcbef46d82a6d2cada7a851f90
SHA1

dba45f0e8332760a4f3d6e9af55a952573b0c56c
SHA256

c2b8e5928979d0f37d7c0c079d6879e12fd577b8e3aeaea0efe3177d424917ab
SHA512

cb17858cacbb246db7f818c20f4b827ad2f287289488fd4d3642553150e09d6168440940dd46964e957e4025bf0fd4ac3c01f03c57ff9338f9c95fde0e03ced7
SSDEEP

6144:S/oSBafLLtV/9Sbnk0Nm9Oie5XaScgU4aUpR+iWOf+rdEEXuy:Q9iZgk0wEiEXatp4anuadEEuy

Score

1^/10

Malware Config

Signatures

Files

devenum.dll
.dll regsvr32 windows x64

19dd7dd75f221b84e4c63873c205d28a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

avicap32

capGetDriverDescriptionW

dsound

DirectSoundEnumerateW

kernel32

DelayLoadFailureHook
DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
ResolveDelayLoadedAPI
SizeofResource

msdmo

DMOEnum
DMOGetName
DMOGetTypes

ntdll

_vsnprintf

ole32

CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CreateBindCtx
StringFromGUID2

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayCreateVector
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
VariantClear
VariantInit

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_strdup
_wcsdup
_wcsicmp
calloc
free
fwrite
getenv
malloc
memcmp
memcpy
memmove
realloc
strchr
strcmp
strcpy
strcspn
strlen
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp

winmm

midiOutGetDevCapsW
midiOutGetNumDevs
waveInGetDevCapsW
waveInGetNumDevs
waveOutGetDevCapsW
waveOutGetNumDevs

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 368B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19dd7dd75f221b84e4c63873c205d28a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avicap32

dsound

kernel32

msdmo

ntdll

ole32

oleaut32

ucrtbase

winmm

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 240B

.rodata Size: 4KB - Virtual size: 24B

.rdata Size: 44KB - Virtual size: 42KB

.pdata Size: 4KB - Virtual size: 1KB

.xdata Size: 4KB - Virtual size: 1KB

.bss Size: - Virtual size: 368B

.edata Size: 72KB - Virtual size: 69KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 436B

/4 Size: 4KB - Virtual size: 576B

/19 Size: 232KB - Virtual size: 228KB

/31 Size: 12KB - Virtual size: 9KB

/45 Size: 32KB - Virtual size: 28KB

/57 Size: 12KB - Virtual size: 8KB

/70 Size: 8KB - Virtual size: 4KB

/81 Size: 76KB - Virtual size: 74KB

/92 Size: 12KB - Virtual size: 10KB

.text
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 240B

.rodata
Size: 4KB - Virtual size: 24B

.rdata
Size: 44KB - Virtual size: 42KB

.pdata
Size: 4KB - Virtual size: 1KB

.xdata
Size: 4KB - Virtual size: 1KB

.bss
Size: - Virtual size: 368B

.edata
Size: 72KB - Virtual size: 69KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 436B

/4
Size: 4KB - Virtual size: 576B

/19
Size: 232KB - Virtual size: 228KB

/31
Size: 12KB - Virtual size: 9KB

/45
Size: 32KB - Virtual size: 28KB

/57
Size: 12KB - Virtual size: 8KB

/70
Size: 8KB - Virtual size: 4KB

/81
Size: 76KB - Virtual size: 74KB

/92
Size: 12KB - Virtual size: 10KB