devmgr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

devmgr.dll
Size

401KB
MD5

f5f9cb23edbf2c77aae5a2a2fc4fc333
SHA1

973cb2bf8319fdb84ccdde7ae788074c5aaf35c6
SHA256

13eeff0afea3b4db10521da237902e2322948d42920da85e7b7bc95285cc75c1
SHA512

e16b15910bae53dd59f9e41e7801c788d7aa035dcf99a9d215839fc34816b44f19e8f1a04e3ab003a81c2d611fab8c5cf1f01e25586141ca61cef8cbae81d197
SSDEEP

6144:/PSqXYzfOniAHsLAXlLewNmMxDqecS6Y92PRhIKaEOMWWkmGUsKpzRcVGlQ:/YzfOn9oaqwNtDqnS6jPgKaEKUBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
devmgr.dll

Files

devmgr.dll
.dll regsvr32 windows:6 windows x86 arch:x86

4631f6d491f1096ea78cb1bacd27da17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

devmgr.pdb

Imports

msvcrt

__CxxFrameHandler3
_vscwprintf
vswprintf_s
??_U@YAPAXI@Z
memset
??2@YAPAXI@Z
??_V@YAXPAX@Z
memmove_s
malloc
_vsnwprintf
_wcsicmp
wcsrchr
toupper
_vsnprintf
_purecall
_CxxThrowException
memcpy_s
wcschr
free
memmove
memcpy
iswspace
wcsstr
_wcslwr
_ftol2
_resetstkoflw
_XcptFilter
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm

kernel32

GetCommandLineA
MoveFileExW
FindFirstFileW
LCMapStringW
SetFileAttributesW
FindNextFileW
LoadLibraryA
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
SizeofResource
LockResource
LoadResource
FindResourceW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrlenW
GetCommandLineW
lstrcmpiW
DisableThreadLibraryCalls
InterlockedDecrement
FreeResource
InterlockedIncrement
MultiByteToWideChar
CloseHandle
CreateProcessW
GetSystemWindowsDirectoryW
CompareStringOrdinal
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
FormatMessageW
FreeLibrary
WideCharToMultiByte
LocalFree
RegQueryValueExW
GetComputerNameW
OpenEventW
GetDateFormatW
FileTimeToSystemTime
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
CreateThread
DeleteCriticalSection
Sleep
lstrcmpW
GetEnvironmentVariableW
MapViewOfFile
InitializeCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
IsProcessorFeaturePresent
GetSystemDirectoryW
SearchPathW
WaitForSingleObject
GetTimeFormatEx
GetDateFormatEx
FileTimeToLocalFileTime
LocalAlloc
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetVersionExA
InterlockedExchange
lstrlenA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
SetEvent
GetModuleFileNameA
GetCurrentThread
DeviceIoControl
CreateFileW
FlushFileBuffers
SetFilePointer
CreateFileMappingW
GetComputerNameExW
UnmapViewOfFile
CreateDirectoryW
LoadLibraryExW
ExpandEnvironmentStringsA
RegQueryValueExA
RegOpenKeyExA
FindResourceExW
WriteFile
WaitForSingleObjectEx
GetVersionExW
GetLocalTime
GetFileSize
DeleteFileW
GetFileInformationByHandle
CreateHardLinkW
FindClose

user32

InvalidateRect
MsgWaitForMultipleObjects
FindWindowExW
SetForegroundWindow
SetCursor
LoadCursorW
GetSystemMetrics
CharUpperW
IsWindow
RegisterClassW
CreateDialogParamW
PeekMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
UnregisterClassA
GetMessagePos
ScreenToClient
GetClientRect
SetWindowPos
BeginDeferWindowPos
GetWindowRect
MapWindowPoints
DeferWindowPos
EndDeferWindowPos
CreatePopupMenu
DialogBoxParamW
GetCursorPos
TrackPopupMenu
DestroyMenu
GetKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetProcessDPIAware
GetDC
ReleaseDC
GetSysColor
EndDialog
GetForegroundWindow
CallWindowProcW
GetWindowTextW
GetWindowTextLengthW
CheckDlgButton
RegisterClipboardFormatW
GetClassInfoW
RegisterWindowMessageW
SetTimer
KillTimer
DefWindowProcW
SendMessageW
SetDlgItemTextW
SendDlgItemMessageW
DestroyIcon
GetParent
PostMessageW
IsDlgButtonChecked
CreateWindowExW
GetWindowLongW
LoadBitmapW
IsWindowEnabled
GetFocus
SetFocus
ShowWindow
AppendMenuW
EnableWindow
SetWindowLongW
GetDlgItem
LoadImageW
LoadIconW
LoadStringW
MessageBoxW
DestroyWindow

ole32

CoInitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

advapi32

EqualSid
IsValidSid
GetLengthSid
CopySid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
WmiCloseBlock
WmiQuerySingleInstanceW
WmiOpenBlock
WmiDevInstToInstanceNameW
WmiSetSingleInstanceW
RegConnectRegistryW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
InitiateSystemShutdownExW

gdi32

DeleteObject
GetDeviceCaps

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
pSetupIsBiDiLocalizedSystemEx
SetupDiGetClassDescriptionW
SetupDiGetClassPropertyKeysExW
SetupDiGetDevicePropertyKeys
SetupUninstallOEMInfW
SetupDiCreateDeviceInfoList
pSetupDiBuildInfoDataFromStrongName
SetupGetThreadLogToken
SetupSetThreadLogToken
SetupOpenFileQueue
SetupScanFileQueueW
SetupCloseFileQueue
SetupQueueCopyW
SetupDiSetSelectedDriverW
SetupDiDestroyDriverInfoList
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
pSetupInfGetDigitalSignatureInfo
SetupVerifyInfFileW
CM_Get_Device_ID_ExW
SetupDiGetClassImageListExW
SetupDiGetClassDevsExW
SetupDiDestroyClassImageList
SetupDiSetDeviceInstallParamsW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Handle
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Hardware_Profile_Info_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Reenumerate_DevNode_Ex
CM_Get_First_Log_Conf_Ex
CM_Get_DevNode_Status_Ex
CM_Locate_DevNode_ExW
CM_Get_Sibling_Ex
CM_Get_Child_Ex
SetupDiDestroyDeviceInfoList
pSetupInfIsInbox
SetupDiGetClassPropertyExW
SetupDiCreateDeviceInfoListExW
SetupDiBuildClassInfoListExW
SetupDiGetClassDevPropertySheetsW
SetupDiGetClassImageIndex
SetupDiLoadClassIcon
SetupDiLoadDeviceIcon
SetupDiGetDeviceInstallParamsW
SetupDiGetDevicePropertyW
CM_Connect_MachineW
CM_Open_Class_Key_ExW
CM_Disconnect_Machine
CM_Open_DevNode_Key_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Parent_Ex
pSetupStringFromGuid
SetupDiSetClassInstallParamsW
SetupDiGetClassInstallParamsW
SetupDiCallClassInstaller

newdev

DiShowUpdateDevice
DiRollbackDriver

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

ord730
ord245
ShellExecuteExW
SHGetStockIconInfo
ShellExecuteW

shlwapi

StrRChrW
StrToIntW

uxtheme

SetWindowTheme

ntdll

RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtSetInformationFile
NtQueryInformationFile
RtlMultiByteToUnicodeN
NtQuerySystemInformation
RtlMultiByteToUnicodeSize
RtlNtStatusToDosError

Exports

Exports

DeviceAdvancedPropertiesA
DeviceAdvancedPropertiesW
DeviceCreateHardwarePage
DeviceCreateHardwarePageCustom
DeviceCreateHardwarePageEx
DeviceManager_ExecuteA
DeviceManager_ExecuteW
DeviceProblemTextA
DeviceProblemTextW
DeviceProblemWizardA
DeviceProblemWizardW
DeviceProblenWizard_RunDLLA
DeviceProblenWizard_RunDLLW
DevicePropertiesA
DevicePropertiesExA
DevicePropertiesExW
DevicePropertiesW
DeviceProperties_RunDLLA
DeviceProperties_RunDLLW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4631f6d491f1096ea78cb1bacd27da17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

advapi32

gdi32

setupapi

newdev

version

shell32

shlwapi

uxtheme

ntdll

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 206KB - Virtual size: 206KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 206KB - Virtual size: 206KB

.reloc
Size: 9KB - Virtual size: 9KB