dmcmnutils[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dmcmnutils.dll
Size

160KB
MD5

c544d77ef857250f75a9d1448c7702ce
SHA1

18aab0854632b69a1c563ebc46101ef3defa5e6e
SHA256

9f5cbdf4ad4bab1c99f620ff3495c7fdf1ac2904562c8098cfdade28be857874
SHA512

aa040ac6afdb79c3842538ab5e86c2002f371e80c2c9fef72edf78e5f4fa21dfdb83c8bb551c2775eef8efe7334d2a91ea55bfccb5d10e0a49942378466e69c1
SSDEEP

3072:dob0UJRdnCjfj1t40PwSeoyQs/z2yt+NuPDISZ1vsfCUlkSCjOkcYIoLb:dobwDjriao+NuP0dfJGSkcYIc

Score

1^/10

Malware Config

Signatures

Files

dmcmnutils.dll
.dll windows:10 windows x86 arch:x86

414f957e325af8e6da3e7947750508f7

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:27:40:8d:1c:38:94:c2:9d:a4:a0:9e:46:1d:7e:95:e6:15:1e:84:56:61:ae:7f:ef:f2:04:65:1e:19:7e:d7
Signer

Actual PE Digest

35:27:40:8d:1c:38:94:c2:9d:a4:a0:9e:46:1d:7e:95:e6:15:1e:84:56:61:ae:7f:ef:f2:04:65:1e:19:7e:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmcmnutils.pdb

Imports

msvcrt

memcpy
_CxxThrowException
__dllonexit
_onexit
memmove
memcmp
memchr
_XcptFilter
_unlock
??3@YAXPAX@Z
??_V@YAXPAX@Z
memcpy_s
__CxxFrameHandler3
_vsnwprintf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
sprintf_s
wcsnlen
_wsplitpath_s
wcscat_s
_purecall
_wcsnicmp
iswspace
wcschr
wcsstr
_wcsicmp
iswdigit
wcstoul
toupper
_wtoi64
swprintf_s
memmove_s
_callnewh
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_lock
memset

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WaitOnAddress
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
WakeByAddressAll

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
OpenThreadToken
CreateThread
TerminateProcess
GetCurrentThread
ProcessIdToSessionId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoTaskMemFree
CoUninitialize
PropVariantClear
StringFromGUID2
CoWaitForMultipleHandles
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
CoRevertToSelf

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObject
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventExW
CreateMutexExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-localization-l1-2-0

FormatMessageW
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

crypt32

CryptEncodeObjectEx
CryptSignMessage

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegOpenCurrentUser
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW

ntdll

RtlQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlAllocateHeap
NtSetInformationToken
RtlNtStatusToDosError
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlCompareMemory
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGetVersion
RtlIsStateSeparationEnabled
RtlInitUnicodeString

rpcrt4

UuidCreate

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
CompareFileTime
GetFinalPathNameByHandleW
FindClose
FindNextFileW
CreateFileW
GetFileInformationByHandle

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindNextComponentW
PathFindFileNameW

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathCchCombine
PathCchRenameExtension
PathAllocCombine

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptHashData
CryptDuplicateHash
CryptGetHashParam
CryptCreateHash

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-base-l1-1-0

FreeSid
GetTokenInformation
RevertToSelf
EqualSid
AllocateAndInitializeSid
CopySid
CheckTokenMembership
GetLengthSid
ImpersonateLoggedOnUser

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp110_win

?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BigStrcat
BinaryToHexString
ComputeHmac
CopyString
CreateBstrArray
DMGetClientHardwareUID
DMGetDeviceClientID
DMSetDeviceClientID
DecodeBase64W
DmCancelGetUserPermissionAsync
DmCheckIfAadAccountLoggedOn
DmCopyDirectoryRecursive
DmCreateFileSafe
DmCreateTask
DmDeleteTask
DmDisableTask
DmEnableTask
DmEnumUsers
DmGetAadDeviceMdmEnrollmentResourceUrlWithDiscovery
DmGetAadDeviceToken
DmGetAadDeviceTokenWithDiscovery
DmGetAadUserToken
DmGetActiveUserSid
DmGetCurrentUserSid
DmGetCurrentUserToken
DmGetFileSize
DmGetIMEI
DmGetSmbiosSerialNumber
DmGetUserEditFieldInput
DmGetUserPermission
DmGetUserPermissionAsync
DmGetUserSidFromToken
DmGetUserTokenFromSid
DmImpersonate
DmInformUser
DmInitializeContainer
DmInvalidateAadDeviceToken
DmInvalidateAadUserToken
DmIsDeviceConnected
DmIsDeviceRoaming
DmIsRunningInSystemContext
DmIsSystemOrAdmin
DmIsSystemOrUserIsAdmin
DmIsTaskScheduled
DmIsTaskScheduledAndEnabled
DmMdmSign
DmPlayNotificationSound
DmRaiseToastNotification
DmRaiseToastNotificationAndWait
DmRegisterRoamingNotification
DmReleaseContainer
DmRemoveToastNotification
DmRemoveToastNotificationByExecutablePath
DmRequestAadUserToken
DmRevertToSelf
DmRunTask
DmStartContainerActivity
DmStopContainerActivity
DmUnregisterRoamingNotification
DmWnfGetNotification
DmWnfPublish
DmWnfQuery
EncodeBase64
EncodeBase64W
EscapeStringW
GetHeader
GetICCID
GetIMEI
GetIMSI
GetIMSIByIccID
GetPGListRegKeyName
GetPhoneNumber
GetPhoneUID
Hash_Create
Hash_Delete
Hash_Destroy
Hash_DestroyCallback
Hash_EnumCallback
Hash_Get
Hash_Insert
Hash_SetBucketThreshold
HexStringToBinary
InvStrCmpIW
InvStrCmpNIW
InvStrCmpNW
InvStrCmpW
IsPhoneOS
MBToUnicode
OmDmRegistryAllocAndGetString
OmaDmRegistryDeleteValue
OmaDmRegistryGetAllSubKeys
OmaDmRegistryGetAllValues
OmaDmRegistryGetBinary
OmaDmRegistryGetDWORD
OmaDmRegistryGetString
OmaDmRegistryRetrieveCurrentUsersHKCU
OmaDmRegistrySetBinary
OmaDmRegistrySetDWORD
OmaDmRegistrySetString
QueryPolicy
SafeMultiByteToWideChar
SafeStringToDword
SafeWideCharToMultiByte
SetConnectionPriority
SetPolicy
UnicodeToMB

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

414f957e325af8e6da3e7947750508f7

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

35:27:40:8d:1c:38:94:c2:9d:a4:a0:9e:46:1d:7e:95:e6:15:1e:84:56:61:ae:7f:ef:f2:04:65:1e:19:7e:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

crypt32

api-ms-win-core-registry-l1-1-0

ntdll

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-1

oleaut32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-lsalookup-l1-1-2

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-apiquery-l1-1-0

msvcp110_win

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 196B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

35:27:40:8d:1c:38:94:c2:9d:a4:a0:9e:46:1d:7e:95:e6:15:1e:84:56:61:ae:7f:ef:f2:04:65:1e:19:7e:d7
Signer

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 196B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB