dmdlgs.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dmdlgs.dll
Resource
win10v2004-20240426-en
General
-
Target
dmdlgs.dll
-
Size
393KB
-
MD5
b2382442207916dc8a7a70ee226ba992
-
SHA1
d67038544d849871257f91f87474b0149d81ef00
-
SHA256
94faf0833820cf686b580845010829edbe6f07cb992c0c4f0f1cea5d5162637c
-
SHA512
bfb53cda4b630c3d37996f33512002ed99a89bc02a7af6190959f1940a7f89eaf36807b9b22d92e254706ec1348ec044060d5018056463b908057facbe1cd34a
-
SSDEEP
12288:eXBLMlxn8EiDUy55zqKGRFxTzmevkYKVi2y1:0LUxMoq5WzFxTzmevkYK2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
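Checks for missing Authenticode signature. A check of this kind most likely looks only for a signature embedded in the PE file itself; Windows components are often signed through a security catalog instead and carry no embedded signature, so this result alone does not establish that the file is untrusted or tampered with. Compare the hashes listed above against a known-good copy of the file before drawing a conclusion.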
resource dmdlgs.dll
Files
-
dmdlgs.dll.dll regsvr32 windows:10 windows x86 arch:x86
a099e267fd9b0d3693408c09c4f7b554
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc42u
ord1767
ord6048
ord4992
ord5261
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord2362
ord2350
ord859
ord2634
ord3087
ord2910
ord6195
ord5949
ord5977
ord3296
ord537
ord3991
ord536
ord6896
ord2755
ord2854
ord3798
ord4270
ord283
ord3568
ord472
ord3688
ord5784
ord5871
ord3605
ord656
ord2859
ord1899
ord3716
ord795
ord4253
ord3491
ord6172
ord4371
ord4970
ord5156
ord3714
ord793
ord3871
ord5154
ord3084
ord2567
ord4390
ord3569
ord609
ord4118
ord3312
ord5155
ord538
ord941
ord5706
ord4219
ord4829
ord5283
ord4848
ord4352
ord4942
ord4736
ord4899
ord489
ord768
ord3281
ord1900
ord771
ord1008
ord497
ord4254
ord2520
ord4709
ord4425
ord2046
ord4433
ord5284
ord1683
ord4269
ord561
ord815
ord5496
ord2717
ord6466
ord1129
ord4677
ord6350
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord4401
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord3393
ord3728
ord810
ord1933
ord927
ord3995
ord5852
ord3298
ord4120
ord6004
ord6278
ord686
ord2290
ord2291
ord5568
ord1808
ord1791
ord290
ord614
ord2615
ord1203
ord1220
ord4221
ord3998
ord446
ord743
ord2719
ord2722
ord2721
ord2607
ord5845
ord2332
ord2756
ord4272
ord500
ord772
ord6774
ord6138
ord5856
ord491
ord3614
ord6865
ord6279
ord925
ord3356
ord826
ord269
ord600
ord1240
ord1571
ord1250
ord1568
ord1570
ord342
ord1179
ord1248
ord1115
ord1194
ord1563
ord5276
ord4419
ord3592
ord2099
ord755
ord470
ord922
ord4229
ord2294
ord567
ord3634
ord3397
ord4395
ord2573
ord4214
ord692
ord3572
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3347
ord2971
ord6898
ord6003
ord3993
ord2857
ord1634
ord1143
ord3621
ord3658
ord268
ord1560
ord2406
ord2385
ord3566
ord2088
ord384
ord693
ord3635
ord3365
ord4396
ord2574
ord1165
ord4155
ord940
ord942
ord4370
ord1155
ord4847
ord2932
ord2506
ord6330
ord5296
ord5886
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4391
ord1768
ord4073
ord2809
ord2769
ord1184
ord6928
ord6565
ord860
ord542
ord861
ord4704
ord4266
ord2371
ord6051
ord2568
ord4212
ord2016
ord2405
ord6362
ord1764
ord4638
ord641
ord324
ord4124
ord858
ord5679
ord535
ord2810
ord800
ord1128
ord540
msvcrt
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_initterm
memset
_onexit
_callnewh
malloc
free
_wcsicmp
wcstoul
_wtof
_ultow
_XcptFilter
_ftol2
_amsg_exit
memcpy
swprintf_s
wcsspn
wcstol
_vsnwprintf
__CxxFrameHandler3
floor
shell32
ord178
kernel32
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalAlloc
GlobalFree
FreeLibrary
GetCurrentThreadId
MoveFileW
CreateDirectoryW
FindNextFileW
FindClose
LocalFree
FormatMessageW
FindFirstFileExW
QueryDosDeviceW
lstrlenW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
SetLastError
GetModuleHandleW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
LoadLibraryExW
user32
EnableWindow
SystemParametersInfoW
PostThreadMessageW
GetFocus
PostMessageW
GetParent
CopyRect
FillRect
GetSysColor
DrawFocusRect
ReleaseDC
GetDC
LoadImageW
GetClientRect
LoadBitmapW
SendMessageW
gdi32
GetDeviceCaps
ExtTextOutW
GetWindowOrgEx
GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW
ole32
CoCreateInstance
CoTaskMemFree
dmdskmgr
?GetShortName@CDMNodeObj@@QAEXAAVCString@@@Z
?FindDriveLetter@CTaskData@@QAEX_JAAG@Z
?IsLocalMachine@CTaskData@@QAEHXZ
?HasNTFSwithDriveLetter@CTaskData@@QAEHXZ
?GetDeviceType@CDMNodeObj@@QAEKXZ
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
CompareDiskNames
CookieSort
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?GetDiskCookies@CTaskData@@QAEXAAKPAPAJHKH@Z
?GetObjectId@CDMNodeObj@@QAEXAA_J@Z
namecmp
?GetUnallocSpace@CDMNodeObj@@QAE_JH@Z
?GetUsableContiguousSpaceInMB@CDMNodeObj@@QAE_JXZ
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?ContainsBootIniPartition@CDMNodeObj@@QAEHXZ
?ContainsSystemPartition@CDMNodeObj@@QAEHXZ
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?GetFileSystemTypes@CTaskData@@QAEXAAKPAPAUifilesysteminfo@@@Z
?GetFlags@CDMNodeObj@@QAEJXZ
?IsNTServer@CTaskData@@QAEHXZ
?GetServerName@CTaskData@@QAE?AVCString@@XZ
?GetDeviceAttributes@CDMNodeObj@@QAEKXZ
?GetDiskTypeName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetDiskStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?GetPartitionStyleString@CDMNodeObj@@QAEXAAVCString@@H@Z
?EnumDiskRegions@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z
?GetSizeMB@CDMNodeObj@@QAEXAA_J@Z
?EnumNTFSwithDriveLetter@CTaskData@@QAEXPAHPAPAG@Z
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?GetImageNum@CDMNodeObj@@QAEHXZ
?IsMember@CDMNodeObj@@QAEHPAV1@@Z
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetVolumeInfo@CDMNodeObj@@QAEHAAUvolumeinfo@@@Z
?IsFTVolume@CDMNodeObj@@QAEHXZ
?GetPartitionStyle@CDMNodeObj@@QAE?AW4_PARTITIONSTYLE@@XZ
?GetMaxPartitionCount@CDMNodeObj@@QAEKXZ
?GetPrimaryPartitionCount@CDMNodeObj@@QAEKXZ
?HasExtendedPartition@CDMNodeObj@@QAEHXZ
?GetStorageType@CDMNodeObj@@QAE?AW4_STORAGE_TYPES@@XZ
?IsFirstFreeRegion@CDMNodeObj@@QAEHXZ
?GetLongName@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetDiskCookiesForCreateVolume@CTaskData@@QAEXAAKPAPAJ@Z
?GetDriveLetters@CTaskData@@QAEXAAFPAPAGG@Z
?GetDiskCookiesForExtendVolume@CTaskData@@QAEXJAAKPAPAJ@Z
?SupportGpt@CTaskData@@QAEHXZ
?GetDiskCookiesForAddMirror@CTaskData@@QAEXJAAKPAPAJ@Z
?GetDiskInfoFromVolCookie@CTaskData@@QAEXJAAHAAKPAPAJKH@Z
?IsPreLonghornVdsVersion@CTaskData@@QAEHXZ
?GetFileSystemName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetVolumeFileSystemTypes@CDMNodeObj@@QAEJAAKPAPAUilhfilesysteminfo@@@Z
?GetVolumeTotalSizeMB@CDMNodeObj@@QAE_JXZ
?GetShrinkableSizeInMB@CDMNodeObj@@QAE_JXZ
?IsUpgradeable@CDMNodeObj@@QAEHXZ
?CanHaveGPT@CDMNodeObj@@QAEHXZ
?GetIVolumeClientVersion@CTaskData@@QAEFXZ
?GetSize@CDMNodeObj@@QAEXAA_JH@Z
?IsEfi@CTaskData@@QAEHXZ
?GetMaxAdjustedFreeSize@CDMNodeObj@@QAEXAA_J@Z
?IsCurrSystemVolume@CDMNodeObj@@QAEHXZ
?IsCurrBootVolume@CDMNodeObj@@QAEHXZ
?FindRegionPtrFromRegionId@CTaskData@@QAEH_JPAPAVCDMNodeObj@@@Z
dmutil
ShowMessage
winbrand
BrandingFormatString
Exports
Exports
?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QAEKXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount@CDataCache@@QAEKXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
Sections
.text Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ