umpnpmgr[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

umpnpmgr.dll
Size

164KB
MD5

7cfed937d857d12702e1f7e1ff553a19
SHA1

6d96a75219b7651eb142e6efb93e93d0196c29e3
SHA256

2c2b4c8e18a213b988cc3f33cc219414515f07fcca44b968f9bfe875634e5a5d
SHA512

4000579b90e945c10873f2970740de106c4a3601b5131b63f5314075053cd757e8d16970d9666cd41c54f473d353100e8d1b9dfeb774c45bf790b65db69c911b
SSDEEP

3072:Q4zXP6Oxq6vYPLmgN2R5vgSAxEFq/ZqYs:QYl8E1EEF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
umpnpmgr.dll

Files

umpnpmgr.dll
.dll windows:10 windows x64 arch:x64

a7bdf21d1a733c4fad9ce56589308456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

umpnpmgr.pdb

Imports

msvcrt

_initterm
malloc
free
memmove
_amsg_exit
_XcptFilter
wcschr
memcpy
toupper
_vsnprintf
_resetstkoflw
_itow_s
__C_specific_handler
wcsstr
_vsnwprintf
wcsrchr
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationFile
NtQueryInformationFile
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtCreateKey
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtQuerySystemInformation
RtlGetVersion
RtlVirtualUnwind
RtlRandomEx
RtlCreateServiceSid
EtwEventUnregister
EtwEventRegister
RtlInitUnicodeString
RtlDeleteSecurityObject
RtlNtStatusToDosError
NtSetInformationThread
NtClose
RtlNewSecurityObject
RtlCreateAndSetSD
NtOpenThreadToken
RtlImpersonateSelf
RtlAdjustPrivilege
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlDestroyHeap
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
EtwEventWriteTransfer
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventSetInformation

api-ms-win-core-synch-l1-1-0

CreateMutexW
EnterCriticalSection
SleepEx
ReleaseMutex
WaitForMultipleObjectsEx
OpenEventW
InitializeCriticalSection
ResetEvent
SetEvent
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetProcAddress
LoadStringW
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteTreeW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

rpcrt4

RpcServerInterfaceGroupClose
RpcServerInterfaceGroupDeactivate
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcAsyncCompleteCall
RpcStringFreeW
RpcRevertToSelf
RpcStringBindingParseW
NdrServerCall2
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
I_RpcMapWin32Status
RpcBindingToStringBindingW
I_RpcBindingIsClientLocal

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TerminateProcess
QueueUserAPC
GetCurrentThread
GetCurrentProcessId
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
CreateThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateDirectoryW
SetEndOfFile
FileTimeToLocalFileTime
WriteFile
GetFileSize
FlushFileBuffers
SetFilePointer
FindClose
FindFirstFileW
GetFileInformationByHandle
DeleteFileW
SetFileAttributesW
FindNextFileW
GetTempFileNameW
CreateFileW
GetFileAttributesW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_ListW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Register_Notification
CM_Unregister_Notification
CM_Get_DevNode_Status
CM_Get_DevNode_PropertyW
CM_Get_Depth
CM_Set_DevNode_PropertyW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
DuplicateTokenEx
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
MapGenericMask
AccessCheckAndAuditAlarmW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-1

I_ScRegisterPreshutdownRestart

kernelbase

WTSGetServiceSessionId

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

PlugPlayServiceMain
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7bdf21d1a733c4fad9ce56589308456

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

rpcrt4

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-file-l1-2-4

api-ms-win-service-core-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-apiquery-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-service-private-l1-1-1

kernelbase

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 4KB - Virtual size: 40B

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 304B

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 4KB - Virtual size: 40B

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 304B