cdprt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdprt.dll
Size

1.3MB
MD5

fb45f8116b668b47490d5d682f2e7d30
SHA1

965f76116a0b46e778400fe225fb797700685f7e
SHA256

bb144dc2759b548043a3b567fdd4a6aa0c2b74dc02e38660b084e4dd18f72595
SHA512

7d3ba817236e67a67a6f2fd675051f9b5cf8201650cd521cadc467a9c9a7f1863c981c430cc57dd5e2647853590f4c6489503c2ddad74325e0ead846a6c88fb5
SSDEEP

24576:zHAm76pdqmdGpSDbSc/DkCXh7oMDh2BbO6SZv137G+YQXtgwN3c4lE0BjJlRmQ0f:cm76pdqmdG0h7oMDh2theGJotgwNM4l4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdprt.dll

Files

cdprt.dll
.dll windows:10 windows x86 arch:x86

12eb47d26b5ea2fa60492327d45cb7b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cdprt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__wcsicmp
_o__wcstoui64
memmove
_o_atoi
_o_ceil
_o_free
_o_malloc
_o_modf
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
strstr
_except_handler4_common
_o__beginthreadex
_o__dtest
_CxxThrowException
wcsrchr
wcschr
__std_type_info_compare
strchr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
__std_terminate
_o__cexit
__CxxFrameHandler3
memcmp
_o__callnewh
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsspn

cdp

CDPCreateAccountInternalWithStableUserId
CDPCreateAppRegistrationManager
CDPCreateUuid
CDPCreateTelemetryTask
CDPCreateAppRegistrationManagerForUser
CDPCreateActivityStoreReader
CDPCreateDeviceQuery
CDPGetSystemAppId
CDPCreateAppControlClient
CDPGetLogger
CDPCreateResourceCollection
CDPShutdown
CDPCreateBinaryHost
CDPCreateAppId
CDPCreateBinaryClient
CDPCreateBinaryHostInternal
CDPCreateCrossPlatformAppId
CDPCreateActivityStoreInfoInternal
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForUser
CDPGetUserActivitySettings
CDPAccountFromWebAccount
CDPCreateActivity
CDPCreateDedupedDeviceQueryParameters
CDPCreateDedupedDeviceQueryForUser
CDPCreateDedupedDevice
CDPInitialize
CDPCreateAllDevicesQuery

windows.storage

SHCreateItemFromParsingName

kernelbase

GetPackageFullName
LocalAlloc
Sleep
GetPackageFamilyName
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetApplicationUserModelIdFromToken
CouldMultiUserAppsBehaviorBePossibleForPackage
GetPackageFullNameFromToken
GetSystemAppDataKey
OpenStateExplicit
CloseState

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadStringW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

CreateEventExW
InitializeSRWLock
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
SetEvent
ReleaseSemaphore
EnterCriticalSection
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetProcessId
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
GetProcessTimes
GetCurrentThreadId
OpenProcessToken
GetCurrentThread

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError
RoTransformError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoWaitForMultipleHandles
CoGetCallContext
StringFromGUID2
CoReleaseMarshalData
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream

api-ms-win-security-base-l1-1-0

GetTokenInformation

ws2_32

FreeAddrInfoW
inet_ntoa
GetAddrInfoW
WSAGetLastError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
SHTaskPoolGetUniqueContext

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegGetValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

ntdll

NtQueryInformationToken
RtlInitUnicodeString
RtlFreeHeap
RtlQueryPackageClaims
RtlPublishWnfStateData
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-rtcore-ntuser-window-l1-1-0

GetActiveWindow

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck
CapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

combase

ord90
ord157

msvcp_win

?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?__ExceptionPtrToBool@@YA_NPBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
_Cnd_destroy_in_situ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Cnd_signal
_Mtx_current_owns
_Thrd_yield
_Query_perf_frequency
_Cnd_timedwait
_Query_perf_counter
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Cnd_register_at_thread_exit
_Mtx_lock
_Mtx_init_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setf@ios_base@std@@QAEHH@Z
??7ios_base@std@@QBE_NXZ
_Mtx_destroy_in_situ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12eb47d26b5ea2fa60492327d45cb7b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

cdp

windows.storage

kernelbase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

ws2_32

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

ntdll

rpcrt4

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-psapi-l1-1-0

combase

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 3KB - Virtual size: 25KB

.idata Size: 16KB - Virtual size: 15KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 3KB - Virtual size: 25KB

.idata
Size: 16KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 82KB - Virtual size: 82KB