wmidcom[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wmidcom.dll
Size

172KB
MD5

f1d17fa0d8d90a0bf2b357507d3e80a2
SHA1

460342c89eb60a577387dbda9c9bf6489bca8916
SHA256

be83f4888ef9fc18db6dc99a19765e988c4a1e329608b9ac7566de0933c86fd9
SHA512

79373bd014848769239bc929de7249a8267d47fe22cec36e7aa0807196b4a70681f99a03514369e067bf9718f36244d00d8298aa049fd1052b465b3d97351a4b
SSDEEP

1536:TWwJom6rxnLUEQ4irkPA4mX8URbk4vrQkoqfY+3Js+rYUnqtVt/k0AMge/Ozvqr0:df6rxv1nANDvm+MdAU+rR/mnA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wmidcom.dll

Files

wmidcom.dll
.dll windows x64

2882ca99594c872c0c6916879dccd179

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
_amsg_exit
free
malloc
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__dllonexit
_onexit
memset
__CxxFrameHandler3
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_unlock
_wcsicmp
_purecall
_lock
?what@exception@@UEBAPEBDXZ
memmove
memcpy
_CxxThrowException
wcscmp

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CallbackMayRunLong
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoSetProxyBlanket
CoDisconnectContext
CoInitializeEx
CoUninitialize

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
LoadLibraryExW

api-ms-win-security-base-l1-1-0

RevertToSelf
AdjustTokenPrivileges
ImpersonateLoggedOnUser
ImpersonateSelf
GetTokenInformation

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread

crypt32

CryptUnprotectMemory
CryptProtectMemory

sspicli

LogonUserExExW

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

miutils

CimErrorFromErrorCode
SetModifiedPropertyNamesToContext
OperationOptions_CopyOptions
OptionsValueToContextValue
ValueToVariant
RtlInterlockedWakeAll
ParametersToWMIObject
RtlInterlockedCompareWait
ClassCache_GetClass
PublishClientOperationInfo
VariantToValue
InstanceToWMIObject
WMIExtendedObjectToInstance
CreateConversionContext
WMIObjectToClass
TypeToCimType
Instance_New
OperationOptions_Create
WMIObjectToInstance
ClassCache_AddClass
GetMethodParameters
ValueClear
GetReferenceFromWMIObjectPath
Instance_InitDynamic
IsLifeCycleIndicationQuery
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
?GetFlags@MiSchema@@UEBAJXZ
SetCorrelationIdToWbemContext
??0IndicationSchema@@QEAA@XZ
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
??1WMISchema@@UEAA@XZ
??0WMISchema@@QEAA@XZ
PublishDebugMessage
PublishDebugInfo
ResultFromHRESULT
?DeInitialize@WMISchema@@QEAAJXZ
ResultToHRESULT
ClassCache_Delete
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
??0DynamicSchema@@QEAA@XZ
ClassCache_New
GetCorrelationId
?SetFlags@MiSchema@@MEAAJJ@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
MI_Application_InitializeV1

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2882ca99594c872c0c6916879dccd179

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-0

crypt32

sspicli

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

miutils

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 612B