directmanipulation[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

directmanipulation.dll
Size

524KB
MD5

5ce86a3d71cb8746e4e4eb7dfc397a64
SHA1

0fcb9db39bd3e1f9de7be89bfd5553ea0c323a1b
SHA256

92ad569f2c97a56dfc4552b5ce14d091527e6ffec2e7d5aa3f03ce99e829aefe
SHA512

aed4507f85c33332df47788ab1f8dbbf654b9d3e9dc33e5b03adb8128d22b9c6c379f00c2f1ad45a965b09b776dcdbf96abc90f5177488f0efd1ba87606e4d7a
SSDEEP

6144:JcySg+8M38jFz3Jfb1PX4ePYKwWgm8E6sxWY2keXKSaXFs6Hwlfa83TVwqVAVBxc:JcvIJb1HOmp1WxvCVjJYOXfugzKANz

Score

1^/10

Malware Config

Signatures

Files

directmanipulation.dll
.dll windows:10 windows x86 arch:x86

db627c3756d557f1c79ee4be12fd0a33

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:47:17:4a:ff:4b:3e:88:d3:80:be:54:57:2d:2a:42:f5:93:ca:1c:36:e1:a1:e7:cf:f0:de:a0:38:53:c2:c7
Signer

Actual PE Digest

5b:47:17:4a:ff:4b:3e:88:d3:80:be:54:57:2d:2a:42:f5:93:ca:1c:36:e1:a1:e7:cf:f0:de:a0:38:53:c2:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

directmanipulation.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__CIcos
_o__CIcosh
_o__CIlog
_o__CIpow
_o__CIsin
_o__CIsqrt
_o__CItanh
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wsplitpath_s
_o_floor
_o_free
_o_malloc
_o_memcpy_s
_o_qsort_s
_except_handler4_common
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memmove_s
memset

ntdll

EtwEventUnregister
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwEventRegister
EtwEventSetInformation
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtQueryInformationProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
OpenEventW
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
CreateEventW
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapCreate
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsFree
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
CreateThread
TlsAlloc
TlsGetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2587

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

_copysign

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-rtcore-ntuser-window-l1-1-0

KillTimer
DestroyWindow
IsChild
ClientToScreen
GetAncestor
IsWindowEnabled
CallWindowProcW
SendMessageCallbackW
PostQuitMessage
IsGUIThread
CreateWindowExW
PostMessageW
GetQueueStatus
GetMessageTime
PeekMessageW
TranslateMessage
IsWindow
SetWindowLongW
GetWindowThreadProcessId
GetClientRect
RegisterClassW
SetTimer
DispatchMessageW
DefWindowProcW
PostThreadMessageW

api-ms-win-rtcore-ntuser-private-l1-1-1

ord2504
ord2516
ord2503
ord2505

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-rtcore-ntuser-private-l1-1-9

ord2551
GetPointerDeviceOrientation

api-ms-win-ntuser-rectangle-l1-1-0

CopyRect
IsRectEmpty

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
InitializeDManipHook

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db627c3756d557f1c79ee4be12fd0a33

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

5b:47:17:4a:ff:4b:3e:88:d3:80:be:54:57:2d:2a:42:f5:93:ca:1c:36:e1:a1:e7:cf:f0:de:a0:38:53:c2:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-rtcore-ntuser-private-l1-1-4

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-rtcore-ntuser-private-l1-1-1

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-rtcore-ntuser-private-l1-1-9

api-ms-win-ntuser-rectangle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 448KB

.data Size: 512B - Virtual size: 7KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 188B

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 24KB - Virtual size: 24KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

5b:47:17:4a:ff:4b:3e:88:d3:80:be:54:57:2d:2a:42:f5:93:ca:1c:36:e1:a1:e7:cf:f0:de:a0:38:53:c2:c7
Signer

.text
Size: 448KB - Virtual size: 448KB

.data
Size: 512B - Virtual size: 7KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 188B

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 24KB - Virtual size: 24KB