cdprt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdprt.dll
Size

1.3MB
MD5

59184191fb7ca0e5fc7eb8809cfe0f83
SHA1

084ced9a3411647850394d23e5389a315680d78d
SHA256

ee900129965318e67ed84e3dbec305d9b39da67071cfa9af5d185f5d51880af2
SHA512

98633130453122d3dfc4eabfa7a78a794e953048319d39c981d56785e66a335ee9a226f501755245be6626da8cd790aca45e0b6d537c44a2a48c2db429fa1abc
SSDEEP

24576:P66UPg1tKTg/l8JO+2HzLOxLuqxYttuItLWVtucdyOe1mQ3NLca5oXmctjxeWmMI:PyPg1tKTg/l8JL2HzLcSeoQtLdyh1mQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdprt.dll

Files

cdprt.dll
.dll windows:10 windows x86 arch:x86

2f95b78da757a631a1a56c9008837606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cdprt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__wcsicmp
_o__wcstoui64
memmove
_o_atoi
_o_ceil
_o_free
_o_malloc
_o_modf
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
strstr
_except_handler4_common
_o__beginthreadex
_o__dtest
_CxxThrowException
wcsrchr
wcschr
__std_type_info_compare
strchr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
__std_terminate
_o__cexit
__CxxFrameHandler3
memcmp
_o__callnewh
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsspn

cdp

CDPCreateAppRegistrationManager
CDPCreateUuid
CDPCreateTelemetryTask
CDPCreateAppRegistrationManagerForUser
CDPCreateActivityStoreReader
CDPCreateDeviceQuery
CDPGetSystemAppId
CDPCreateAppControlClient
CDPGetLogger
CDPCreateResourceCollection
CDPShutdown
CDPCreateBinaryHost
CDPCreateAppId
CDPCreateBinaryClient
CDPCreateBinaryHostInternal
CDPCreateCrossPlatformAppId
CDPCreateActivityStoreInfoInternal
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForUser
CDPGetUserActivitySettings
CDPAccountFromWebAccount
CDPCreateActivity
CDPCreateDedupedDeviceQueryParameters
CDPCreateDedupedDeviceQueryForUser
CDPCreateDedupedDevice
CDPInitialize
CDPCreateAccountInternalWithStableUserId
CDPCreateAllDevicesQuery

windows.storage

SHCreateItemFromParsingName

kernelbase

GetSystemAppDataKey
LocalAlloc
GetPackageFullName
Sleep
GetPackageFamilyName
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetApplicationUserModelIdFromToken
CouldMultiUserAppsBehaviorBePossibleForPackage
GetPackageFullNameFromToken
OpenStateExplicit
CloseState

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadStringW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateEventExW
WaitForMultipleObjectsEx
CreateSemaphoreExW
InitializeSRWLock
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
SetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringLen

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcessId
GetProcessId
OpenThreadToken
GetProcessTimes
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentThread

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoMarshalInterface
CoTaskMemRealloc
CoCreateGuid
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoWaitForMultipleHandles
CoGetCallContext
StringFromGUID2
CreateStreamOnHGlobal

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventProviderEnabled
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-security-base-l1-1-0

GetTokenInformation

ws2_32

FreeAddrInfoW
GetAddrInfoW
inet_ntoa
WSAGetLastError

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
SHTaskPoolGetUniqueContext

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegGetValueA
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

ntdll

NtQueryInformationToken
RtlInitUnicodeString
RtlFreeHeap
RtlQueryPackageClaims
RtlPublishWnfStateData
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-rtcore-ntuser-window-l1-1-0

GetActiveWindow

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerSetRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck
CapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

combase

ord90
ord157

msvcp_win

?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?__ExceptionPtrToBool@@YA_NPBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
_Cnd_destroy_in_situ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Cnd_signal
_Mtx_current_owns
_Thrd_yield
_Query_perf_frequency
_Cnd_timedwait
_Query_perf_counter
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Cnd_register_at_thread_exit
_Mtx_lock
_Mtx_init_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setf@ios_base@std@@QAEHH@Z
??7ios_base@std@@QBE_NXZ
_Mtx_destroy_in_situ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f95b78da757a631a1a56c9008837606

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

cdp

windows.storage

kernelbase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

ws2_32

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

ntdll

rpcrt4

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-psapi-l1-1-0

combase

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 3KB - Virtual size: 25KB

.idata Size: 16KB - Virtual size: 15KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 82KB - Virtual size: 81KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 3KB - Virtual size: 25KB

.idata
Size: 16KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 82KB - Virtual size: 81KB