FWPolicyIOMgr.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fwpolicyiomgr.dll
Resource: win10v2004-20240426-en
General
Target: fwpolicyiomgr.dll
Size: 229KB
MD5: 3ace45c917a0044ac4455e9d9dadc17d
SHA1: 56a7337022025a16b2a1eb946db6fd4d64bc7fbd
SHA256: f7d1f16f1c191335fd1a3d09c3585aecc0f5f57eaa35899ca4ec2196ef768305
SHA512: d6401fd13019ca81e396ad73a74ffb8050fcf607fbc657250e5c721c3ab817da37da19c09e19a9de07cd9cd418a09205e10e863c5b7c53a9c71bf731a86c5148
SSDEEP: 3072:vR7cFNPrSPkZjCFJhrto0uB8HBzdTrvmGm3c7VdwlDWNJEcOUl:BcF1S8hIJ1to0umHBzdTTecU9WNJK
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource fwpolicyiomgr.dll
Files
fwpolicyiomgr.dll.dll windows:10 windows x86 arch:x86
5cfcd1f9c4acf067563749932c2761f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
memcpy
wcsncmp
_wcsnicmp
_unlock
wcsnlen
wcstoul
iswdigit
_purecall
__dllonexit
_onexit
_ultow
_CxxThrowException
_lock
_wcsicmp
wcstok
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnprintf_s
memcmp
memcpy_s
_except_handler4_common
_vsnwprintf
??3@YAXPAX@Z
??1exception@@UAE@XZ
__CxxFrameHandler3
_XcptFilter
memset
ntdll
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlCopySid
RtlNtStatusToDosError
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetProcAddress
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
CreateMutexExW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
LeaveCriticalSection
OpenSemaphoreW
DeleteCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
CompareStringW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
CalculateOpenPortOrAuthAppAddrStringSize
CalculateOpenPortOrAuthAppAddrStringSize2
CopyIcmpSettings
CopyIcmpV4Rules
CopyIcmpV6Rules
CreateDefaultAuthAppRule
CreateDefaultIcmpRule
CreateDefaultOpenPortRule
CreateDefaultPerInterfaceIcmpRule
CreateDefaultPerInterfaceOpenPortRule
CreateDefaultRemoteAdminRule
CreateDefaultRule
FWDestroyExtensionDllCriticalSection
FWGPLock
FWGPOCleanup
FWGPOSave
FWGPUnlockEx
FWInitExtensionDllCriticalSection
FWOpenGPOAndGetRegKey
FWPrimitivesSetGPHelperFnPtrs
FWResolveGPONames
FWSetGPHelperFnPtrs
FreeAbsoluteInterfaces
FwAddDynamicKeywordAddressInRegistry
FwAddRule
FwAddRuleEx
FwAddSet
FwAdvPolicyDecodeFirewallRule
FwAdvPolicyEncodeRule
FwAdvPolicyEncodeRuleEx
FwAdvPolicyVerifyFirewallRule
FwAppContainerChangeFree
FwAreAllContainedInAddresses
FwAuthSetFree
FwBinariesFree
FwCSRuleEmpty
FwCSRuleEmptyByBinaryVersion
FwCSRuleFree
FwCSRuleVerify
FwChkBuildSidAndAttributesFree
FwCleanupPhase1Sa
FwClosePolicyStore
FwCompareCSRule
FwCompareFWRule
FwConvertIPv6SubNetToRange
FwCopyAuthSetListToLowerVersion
FwCopyAuthSetToLowerVersion
FwCopyAuthsetToHigherVersion
FwCopyCSRule
FwCopyCryptoSet
FwCopyICMPTypeCode
FwCopyInterfaceIndexes
FwCopyInterfaceLuids
FwCopyLUID
FwCopyMMRule
FwCopyPlatform
FwCopyPortRange
FwCopyPortsContents
FwCopyRule
FwCountAuthAppRules
FwCountGlobalOpenPortRules
FwCreateLocalTempStore
FwCryptoSetFree
FwDecodeDynamicKeywordAddress
FwDeleteAllRules
FwDeleteAllSets
FwDeleteDynamicKeywordAddressInRegistry
FwDeleteRule
FwDeleteSet
FwDestroyLocalTempStore
FwDoNothingOnObject
FwDownlevelAuthSetFree
FwDownlevelFirewallRuleEmpty
FwDynamicKeywordAddressIsStringValid
FwDynamicKeywordRuleLinkCopy
FwEmptyWFRule
FwEncodeDynamicKeywordAddress
FwEnumAllDynamicKeywordAddressesInRegistry
FwEnumRules
FwEnumSets
FwEraseGPOStoreBaseKey
FwFindMatchingOpenPortRule
FwFreeDynamicKeywordAddressDataBySchemaVersion
FwFreeDynamicKeywordAddressesInternal
FwFreeDynamicKeywordRuleLink
FwFreeObjects
FwFreeRules
FwFreeSets
FwFreeWFRule
FwGetConfig
FwGetDynamicKeywordOriginFromStoreType
FwGetGlobalConfig
FwGetGlobalConfigFromLocalTempStore
FwGetRule
FwGetStoreTypeFromDynamicKeywordOriginType
FwICFProfileToWfProfile
FwICFProtocolToWfProtocol
FwIPV4RangeContainsMulticast
FwIPV6RangeContainsMulticast
FwInvertAddresses
FwIsV6AddrLoopback
FwMMRuleFree
FwMMRuleVerify
FwMigrateLegacyAuthenticatedBypassSddl
FwMigrateLegacySettings
FwNegateAddresses
FwOpenAppCDbPolicyStore
FwOpenOfflinePolicyStore
FwOpenPolicyStore
FwParseAddressToken
FwParseAllPortVersions
FwParseICMPTypeCodes
FwParseInterfaceType
FwPolioConvertIPv6SubNetToRange
FwPolioCopyAuthSet
FwPolioCopyWFAddressesContents
FwPolioEmptyWFAddresses
FwPolioMergeAddresses
FwReduceObjectsToVersion
FwRemoveDuplicateAddresses
FwRuleResolveFlags
FwSddlStringVerify
FwSetConfig
FwSetDynamicKeywordRuleLinkAddOrUpdateFn
FwSetGlobalConfig
FwSetGlobalConfigInLocalTempStore
FwSetResolveFlags
FwSetRule
FwSetRuleEx
FwSetSet
FwSidAndAttributesCopy
FwSidAndAttributesFree
FwSidCopy
FwSidsToString
FwStringToSids
FwSubtractAddresses
FwUniteWFAddressesContents
FwUpdateDynamicKeywordAddressInRegistry
FwVerifyWFRuleSemantics
FwWfProtocolToICFProtocol
GetOpenPortOrAuthAppAddrScope
GetOpenPortorAuthAppAddrAsString
GetOpenPortorAuthAppAsBSTR
GetRemoteAdminSettings
IsEqualAddresses
IsPortsEmpty
IsRuleLegacyICMPSettings
IsRulePerInterfaceIcmp
IsRulePerInterfaceOpenPort
IsUnicastExplicitAddressesEmpty
Isv4Orv6AddressesEmpty
LoadGPExtensionDll
MakeAbsoluteInterfaces
OpenPortOrAuthAppAddrToString
OpenPortOrAuthAppAddrToStringInt2
OpenPortOrAuthAppAddrToStringInt3
StringArrayToOpenPortOrAuthAppAddress
StringToOpenPortOrAuthAppAddress
StringToOpenPortOrAuthAppAddress2
ValidatePortOrAppAddressString
Sections
.text Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ