DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Static task
static1
1 signatures
General
-
Target
FfuProvider.dll
-
Size
619KB
-
MD5
df785c5e4aacaee3bd16642d91492815
-
SHA1
286330d2ab07512e1f636b90613afcd6529ada1e
-
SHA256
56cc8d139be12e969fff3bbf47b1f5c62c3db887e3fb97c79cf7d285076f9271
-
SHA512
3566de60fe76b63940cff3579da94f404c0bc713f2476ba00b9de12dc47973c7c22d5eed1fd667d20cea29b3c3c4fa648e5f44667e8369c192a4b69046e6f745
-
SSDEEP
6144:Dl7JmNA6s7wJzYlfa4QsFIKDys3NvGvcIKifgRw/zJkwT/F0MOAYIfsA46ItKata:Dld6A67qjFVKVSw/au2A4DclSZkL
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource FfuProvider.dll
Files
-
FfuProvider.dll.dll regsvr32 windows:10 windows x64 arch:x64
1e0aadd4dfd430f17cedbca6e1b9f6b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
Imports
msvcrt
swscanf
__CxxFrameHandler3
strchr
wcstoul
_vsnprintf
iswspace
wcsrchr
_wcsnicmp
memmove
memcpy
memcmp
__RTDynamicCast
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
malloc
_wcsicmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
memmove_s
wcschr
wcstol
_vsnwprintf
_vscwprintf
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_stricmp
bsearch
wcscmp
advapi32
RegDeleteKeyW
RegEnumKeyW
RegSetKeySecurity
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
GetSystemFirmwareTable
GetFileSize
LocalAlloc
ReleaseMutex
SetFilePointerEx
SetFileAttributesW
CreateMutexW
CopyFileExW
GetDriveTypeW
LCMapStringW
DeleteVolumeMountPointW
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesW
CompareStringW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
CloseHandle
GetTempPathW
CreateDirectoryW
RemoveDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
VirtualQuery
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
OutputDebugStringW
AcquireSRWLockExclusive
CreateIoCompletionPort
CreateEventW
DeviceIoControl
GetOverlappedResult
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
CopyFileW
GetVolumeInformationByHandleW
SetFilePointer
QueryPerformanceFrequency
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
GetFileTime
TrySubmitThreadpoolCallback
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
ole32
StringFromGUID2
CoTaskMemFree
CoCreateInstance
ProgIDFromCLSID
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateGuid
user32
CharNextW
CharLowerBuffW
LoadStringW
oleaut32
VariantInit
GetErrorInfo
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-file-l1-1-0
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW
GetFileInformationByHandle
GetVolumePathNameW
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
OpenThreadToken
GetCurrentThread
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
api-ms-win-core-libraryloader-l1-1-0
FreeLibrary
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
ntdll
NtOpenFile
NtWaitForSingleObject
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
NtClose
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlRaiseStatus
NtYieldExecution
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
RtlRandom
RtlNumberOfSetBits
RtlFindSetBits
RtlAreBitsClear
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
bcrypt
BCryptDestroyHash
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
Exports
Exports
Sections
.text Size: 423KB - Virtual size: 422KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ