fdPnp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdPnp.dll
Size

46KB
MD5

b246c04c748a17a6780f2aceb560fe39
SHA1

c414d7d38f71eff786b2febeb9aab5dd8e17efbc
SHA256

0b573372a437ed9fce0020cf832434a6909ed0a1fa97b2ca32a6d34d84275850
SHA512

e2918c13d27bcd568eb2df16762f22047edd088c97e76b8411510423e86b78fbb3a0e42fb7b4e6d65b6ee218f1a8f5d2c02dee8bd4386824c3d078f3d1350e34
SSDEEP

768:2SMwg0klj6DQhZHsN0izzZ6FJmCh3tEKpPsay13XzVYoi9YEVcDLIyeFeP:2a864Ns66sJmChOKpPsa83BJi9YBDLI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdPnp.dll

Files

fdPnp.dll
.dll windows:10 windows x86 arch:x86

d544d90a945fff48ff2a14b979ebbf90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fdPnp.pdb

Imports

msvcrt

memmove
free
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
_wcsicmp
wcsncmp
realloc
_purecall
_except_handler4_common
memcmp
memcpy
memset

atl

ord32
ord15
ord21
ord16
ord23
ord30

oleaut32

SysFreeString
SafeArrayGetDim
SafeArrayGetLBound
SysStringByteLen
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayGetUBound

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSection
DeleteCriticalSection
SetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
AcquireSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateGuid
CoInitializeEx
IIDFromString
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

user32

DestroyWindow
SetWindowLongW
PeekMessageW
UnregisterDeviceNotification
DefWindowProcW
RegisterClassExW
UnregisterClassW
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
CreateWindowExW
TranslateMessage
GetWindowLongW
DispatchMessageW

devobj

DevObjGetDeviceInterfacePropertyKeys
DevObjSetDeviceProperty
DevObjGetDevicePropertyKeys
DevObjCreateDeviceInfoList
DevObjSetDeviceInterfaceProperty
DevObjEnumDeviceInfo
DevObjDeleteDeviceInfo
DevObjEnumDeviceInterfaces
DevObjOpenDeviceInfo
DevObjGetClassDevs
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceProperty
DevObjGetDeviceInterfaceDetail
DevObjDestroyDeviceInfoList
DevObjOpenClassRegKey
DevObjGetDeviceInstanceId
DevObjOpenDeviceInterface

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d544d90a945fff48ff2a14b979ebbf90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

user32

devobj

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 36B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 36B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB