DeviceReactivation[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DeviceReactivation.dll
Size

67KB
MD5

fde49e8532395549ddd56a20cd2ea9a5
SHA1

b2b0c7d71e9383d79a4d6fbb38a5a67e5eeca5e3
SHA256

18daf549c52d028c16234eac9dbe38ebf86926dce55f993fd67e52d86aed6af3
SHA512

2fa6575c861b26cf078dee3d1caf51b2929f1a696faa6d9a4e0bf6b8a5214cff519d7acb66b6b8d5d38a64b68e86cec250caf32f24b71446804c29e5617df32f
SSDEEP

1536:va+QExbu3sUi1G6OaMMJtO3BPpshjK5Pmz72:S+fxbqsUi1GfaMatORPpspK5O/2

Score

1^/10

Malware Config

Signatures

Files

DeviceReactivation.dll
.dll windows:10 windows x86 arch:x86

039dec7c08e4c28225bdf657416e1fa6

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:09:b2:bd:6f:2d:dc:a7:a7:3f:28:a4:42:74:6b:bc:33:23:39:0e:78:be:38:2c:57:f8:0c:b8:81:73:f9:fe
Signer

Actual PE Digest

6a:09:b2:bd:6f:2d:dc:a7:a7:3f:28:a4:42:74:6b:bc:33:23:39:0e:78:be:38:2c:57:f8:0c:b8:81:73:f9:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DeviceReactivation.pdb

Imports

msvcrt

free
malloc
_vsnwprintf
_amsg_exit
_lock
_XcptFilter
_unlock
_vsnprintf_s
__dllonexit
__CxxFrameHandler3
_onexit
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??3@YAXPAX@Z
memcpy_s
_initterm
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_purecall
_except_handler4_common
memcmp
??0exception@@QAE@XZ
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

rpcrt4

IUnknown_Release_Proxy
NdrDllGetClassObject
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer2_Release

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
ObjectStublessClient6
ObjectStublessClient8
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
NdrProxyForwardingFunction5
ObjectStublessClient7

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation
DuplicateTokenEx

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

039dec7c08e4c28225bdf657416e1fa6

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

6a:09:b2:bd:6f:2d:dc:a7:a7:3f:28:a4:42:74:6b:bc:33:23:39:0e:78:be:38:2c:57:f8:0c:b8:81:73:f9:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 136B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6a:09:b2:bd:6f:2d:dc:a7:a7:3f:28:a4:42:74:6b:bc:33:23:39:0e:78:be:38:2c:57:f8:0c:b8:81:73:f9:fe
Signer

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 136B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB