dmenrollengine[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dmenrollengine.dll
Size

543KB
MD5

e7a1316099efe2a49f60722af2ed1cfd
SHA1

c44e3fc617f014a279d2c98709045f275b4060b4
SHA256

a9bc43f838392b3839f02168e5ad207bd6145910126e62f0e779de0d91e7ae27
SHA512

ef241cf55164bd2b74d921940e73cc57c2e014b632fa18d3a5a027157e10a752d93b43e8a30a98e3bb2a0f9c1115718ab68487b49da0854951e02e667b5c9f85
SSDEEP

12288:KPqlHXlHplH1lH6oGxesAYhAYWFYhM5fDB5tKDMeSIF8vR:KPqlHXlHplH1lH6oGQHDYWFYKNB5tKDc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmenrollengine.dll

Files

dmenrollengine.dll
.dll windows:10 windows x86 arch:x86

5ed71305dc951a9912f716ee66514b19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmenrollengine.pdb

Imports

msvcp110_win

?_Orphan_all@_Container_base0@std@@QAEXXZ
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ

msvcrt

memcpy
memcmp
_CxxThrowException
memmove
??3@YAXPAX@Z
__CxxFrameHandler3
_vsnwprintf
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
wcstod
wcsstr
swscanf_s
isspace
_wtol
wcsncmp
_itow_s
strncpy_s
_set_errno
strtol
swprintf
strchr
strrchr
sprintf_s
toupper
memset
wcstoul
realloc
wcsnlen
_errno
_vsnwprintf_s
_wtoi
wcschr
wcscpy_s
wcstok_s
free
_wcsdup
ldiv
_wcsicmp
??_V@YAXPAX@Z
_wcsnicmp
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s

ntdll

RtlIsStateSeparationEnabled
RtlNtStatusToDosError
RtlGetVersion

crypt32

CertComparePublicKeyInfo
CertSetCertificateContextProperty
CryptFindOIDInfo
CertFreeCertificateChain
CertGetCertificateChain
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfoEx
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertDeleteCertificateFromStore
CertCloseStore
CertGetNameStringW
CryptEncodeObjectEx
CryptExportPublicKeyInfo
CryptSignAndEncodeCertificate
CryptMsgCalculateEncodedLength
CryptMsgOpenToEncode
CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
PFXImportCertStore
CertEnumCertificatesInStore
PFXExportCertStoreEx
CryptEncodeObject
CertAddCertificateContextToStore
CertGetCertificateContextProperty

oleaut32

VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
SysAllocStringByteLen
SafeArrayCreate
SysStringByteLen
SafeArrayDestroy
SysFreeString
SysAllocString
SysStringLen
SafeArrayLock
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayGetUBound

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
TerminateThread
CreateProcessW
CreateThread
CreateProcessAsUserW
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
GetHandleInformation

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSection
EnterCriticalSection
CreateEventExW
InitializeSRWLock
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
OpenEventW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateEventW
SetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
ResetEvent
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-com-l1-1-0

IIDFromString
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoWaitForMultipleHandles
CoRevertToSelf
CoCreateInstance

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumKeyExW

rpcrt4

RpcBindingFree
UuidCreate
UuidFromStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

WriteFile
CompareFileTime
CreateFileW
GetFileSize
ReadFile
DeleteFileW
GetFullPathNameW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW

bcrypt

BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptDestroyHash
BCryptGenRandom
BCryptHashData
BCryptFinishHash
BCryptCreateHash
BCryptOpenAlgorithmProvider

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchCombine

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpW

api-ms-win-core-url-l1-1-0

UrlEscapeW

devobj

DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AutoEnrollMDM
CleanupExpiredOMADMSessions
DiscoverEndpoint
DiscoverEndpointEx
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableLogging
EnrollEngineInitialize
FindDiscoveryService
FindDiscoveryServiceEx
FreeMmpcDiscoveryResultsData
GetCertificatePolicy
GetDatabaseManagerInstance
GetEnrollmentAadResourceUrl
GetEnrollmentAadSendDeviceToken
GetEnrollmentCertStore
GetEnrollmentClientCertThumbprint
GetEnrollmentClientContext
GetEnrollmentDiscoveryService
GetEnrollmentForceAadToken
GetEnrollmentPartnerOpaqueID
GetEnrollmentSID
GetEnrollmentState
GetEnrollmentType
GetEnrollmentUPN
GetProviderID
MmpcDiscoverEndpoint
OpenEnrollmentsHKEY
SetEnrollmentAadResourceUrl
SetEnrollmentAadSendDeviceToken
SetEnrollmentDormant
SetEnrollmentForceAadToken
SetEnrollmentPartnerOpaqueID
SetEnrollmentUPN
SetProviderID
SwitchAADLinkedEnrollment
SysprepGeneralize
_IsManagementRegistrationAllowed

Sections

.text
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed71305dc951a9912f716ee66514b19

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

ntdll

crypt32

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-registry-l1-1-0

rpcrt4

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-file-l1-1-0

bcrypt

api-ms-win-core-file-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-url-l1-1-0

devobj

api-ms-win-core-registry-l2-1-0

api-ms-win-stateseparation-helpers-l1-1-0

userenv

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 484KB - Virtual size: 484KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 13KB

.didat Size: 512B - Virtual size: 496B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 484KB - Virtual size: 484KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 496B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 22KB - Virtual size: 22KB