dmcertinst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dmcertinst.exe
Size

164KB
MD5

d3855d26acb7b9d80825e6e04d6576fa
SHA1

df7931099943173f60089fe34a2e21615aedc81b
SHA256

c385a87606f50ff7be946145072a30d1960e8d4d11474f84cf1a7d27d92ce0a5
SHA512

3387530654fc398b683d6d041da1947de51bee2bca190e3c1ead7de7969a3f4b1d0fb7e8203e40247c59c038129b77711cdf1c3ba94d1fd27a597eac5587c4be
SSDEEP

3072:4wBTM22n+tVt8n39cdrgpZYZTh+WDYJuz47KQOQ2WOivS1tZ0Yfs:4wBTMPxtcGY/+rysKQOQ2svS1km

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmcertinst.exe

Files

dmcertinst.exe
.exe windows x64

2064ccc8d877e771ab8b868ad581a1a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp110_win

??1?$codecvt@GDH@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??_7codecvt_base@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??Bid@locale@std@@QEAA_KXZ
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

memset
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsnicmp
strrchr
strchr
strtol
_errno
malloc
__CxxFrameHandler3
_set_errno
strncpy_s
sprintf_s
_vsnprintf
swprintf_s
wcstoul
wcstok_s
wcscpy_s
??3@YAXPEAX@Z
_purecall
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_vsnwprintf
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
free
wcscmp
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??_V@YAXPEAX@Z
wcsrchr
wcsstr
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
LoadStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
SetEvent
InitializeSRWLock
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
CreateMutexW
CreateMutexExW
ReleaseSRWLockShared
OpenEventW
AcquireSRWLockShared
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
OpenSemaphoreW
CreateEventExW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteTreeW
RegQueryInfoKeyW
RegDeleteKeyExW

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoUninitialize
CoCreateInstance
CoInitializeEx
GetHGlobalFromStream
CreateStreamOnHGlobal

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock

omadmapi

ord35
ord64

certenroll

ord45

oleaut32

SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

ncrypt

NCryptOpenStorageProvider
NCryptGetProperty
NCryptDeleteKey
NCryptFreeObject
NCryptOpenKey

crypt32

CertFindCertificateInStore
CryptSetKeyIdentifierProperty
CertFreeCertificateContext
CertCloseStore
CryptBinaryToStringW
CryptUnprotectData
CryptEncodeObjectEx
CertOpenStore
CertDeleteCertificateFromStore
CertGetCertificateContextProperty

rpcrt4

UuidCreate

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpool
CreateThreadpool

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtPowerInformation
vDbgPrintEx
RtlAllocateHeap
ZwClose
TpReleaseAlpcCompletion
ZwAlpcSendWaitReceivePort
ZwAlpcDisconnectPort
TpAllocAlpcCompletion
RtlWakeAddressAll
ZwAlpcCancelMessage
RtlIsStateSeparationEnabled
RtlFreeHeap
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
TpWaitForAlpcCompletion
ZwAlpcConnectPort
RtlWaitOnAddress
ZwAlpcQueryInformation
RtlInitUnicodeString

dmcmnutils

HexStringToBinary
OmaDmRegistryGetDWORD
CopyString
BinaryToHexString
UnicodeToMB

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2064ccc8d877e771ab8b868ad581a1a4

Headers

DLL Characteristics

File Characteristics

Imports

msvcp110_win

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

omadmapi

certenroll

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

ncrypt

crypt32

rpcrt4

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

dmcmnutils

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 160B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 484B

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 160B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 484B