fdPnp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdPnp.dll
Size

41KB
MD5

f34cfada6c48daa41b996d24c7d8d3ca
SHA1

60ebdf794e0c4765b7b1c80ba1d7d4cccc4ba6c3
SHA256

d294decc607a6ed7264bec41fda3bf12d3f2b3fafaf55f0c5f2235a9066c97ec
SHA512

112cf62ae2c25e4d3fa3b55ba0a6c1233fee058b091da2e02b94fe0963e76c50b1f06f0f8ffcf868193caab76b029cd9426fbad68d2fa321a3a51750581a792d
SSDEEP

768:zePkrW45iVUUihT6SsgMB17JGiJYV8bwtpUDtQfT4:iKW484hmdfB5JGCg8bw8Qf0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdPnp.dll

Files

fdPnp.dll
.dll windows:6 windows x86 arch:x86

8c101af330c2d491fd6f6d4a6ec3039c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fdPnp.pdb

Imports

msvcrt

_amsg_exit
??_V@YAXPAX@Z
free
_purecall
??2@YAPAXI@Z
memmove
realloc
memcpy
memset
_wcsicmp
_except_handler4_common
??3@YAXPAX@Z
_initterm
malloc
_XcptFilter
wcsncmp
??_U@YAPAXI@Z

atl

ord30
ord32
ord15
ord23
ord21
ord16

advapi32

RegEnumKeyW
RegCloseKey
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
CheckTokenMembership
AllocateAndInitializeSid
FreeSid

ole32

CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
IIDFromString
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayUnaccessData
SysStringByteLen
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreateVector
SysFreeString

user32

UnregisterDeviceNotification
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterDeviceNotificationW
CreateWindowExW
UnregisterClassW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DestroyWindow
DefWindowProcW

devobj

DevObjGetClassDevs
DevObjOpenClassRegKey
DevObjGetDeviceInterfaceDetail
DevObjCreateDeviceInfoList
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjSetDeviceInterfaceProperty
DevObjGetDeviceInterfacePropertyKeys
DevObjSetDeviceProperty
DevObjGetDevicePropertyKeys
DevObjEnumDeviceInfo
DevObjEnumDeviceInterfaces
DevObjGetDeviceInstanceId
DevObjDeleteDeviceInfo

kernel32

lstrlenA
WaitForSingleObject
CloseHandle
lstrlenW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
GetLastError
InitializeSRWLock
DisableThreadLibraryCalls
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
CreateThread
CreateEventW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c101af330c2d491fd6f6d4a6ec3039c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

advapi32

ole32

oleaut32

user32

devobj

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB