cmifw[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cmifw.dll
Size

67KB
MD5

24360655dced036dce54e9720d91133f
SHA1

da1939beba636a8fa77bfbcba2401c70ace64bde
SHA256

915782ec483d61961141c0bb3aa65de1697b0d7851ea648e92906168ac77a648
SHA512

2eeac74a38904195a6d98c47bb43b7c28038e84cbc55e3e6e5ad02ea0aac71db10a77e936b0187778afdfabc9f424989be608949f41e98ddffe3432f105169ac
SSDEEP

768:fnnN2lQp1w5Go/1HH85G51L8znNVSmBuLaozZ+KiYYi6bnH88Pxfrx91uHodtD2P:/Nv1wf28KnN8lLXzZ+qaH8691Ndt0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmifw.dll

Files

cmifw.dll
.dll windows:6 windows x86 arch:x86

033b49d5277e9ccb9cc9e85c9738c438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cmifw.pdb

Imports

msvcrt

_errno
realloc
malloc
__dllonexit
memcpy_s
wcsncpy_s
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_lock
_onexit
_purecall
_unlock
_except_handler4_common
_amsg_exit
_initterm
??3@YAXPAX@Z
memmove
_wcsicmp
??1type_info@@UAE@XZ
_XcptFilter
free
__CxxFrameHandler3
_vsnprintf
wcsstr
_wtol
wcstok
wcstol
_vsnwprintf
iswspace
memcpy
??2@YAPAXI@Z
memset
_CxxThrowException

ntdll

EtwTraceMessage
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpW
ExpandEnvironmentStringsW
CompareStringW
LocalAlloc
LocalFree
SetLastError
GetVersionExA
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA

user32

UnregisterClassA
CharNextW

advapi32

StartServiceW
ControlService
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
TraceMessage
RegDeleteValueW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

firewallapi

FWSetFirewallRule
FWDeleteFirewallRule
FWEnumFirewallRules
FWFreeFirewallRules
FWClosePolicyStore
FwClosePolicyStore
FwAlloc
FwFree
FwFreeRules
FwEnumRules
FwDeleteRule
FwAddRule
FwSetRule
FwOpenPolicyStore
FWOpenPolicyStore
FWGetGlobalConfig
FWAddFirewallRule

shlwapi

ord487

Exports

Exports

DllCanUnloadNow
DllGetClassObject
EnableGroupW
unattendW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

033b49d5277e9ccb9cc9e85c9738c438

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

ole32

oleaut32

firewallapi

shlwapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB