dmrc[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dmrc.dll
Size

109KB
MD5

7a118dac82aacb01a52c5c7a17796038
SHA1

eadfa21b1206a652bbe9047adaf3e0acfe008795
SHA256

aca0abed893913b8ceb79db1dc82f9331e8607ab0f9ad94ac032ef4fb85326b3
SHA512

4461eef56e7ce3beea18f161fb18da1c69af0729abdfdde1d6032ceb5bc2f34ce77f9e99a6ab7b98b419715685637d283d214bd78399b24c5d4d03cf6ba91f41
SSDEEP

1536:Hd+Ul8+uAppy+teCSrgR3UR7dMzFLRg9nkYq8+lPF7bhs8QdtbbOIn7QoTg5unhW:HcUl8+u6HVzUpYFLRg9IhshV5n0o2uc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmrc.dll

Files

dmrc.dll
.dll windows:6 windows x86 arch:x86

f113ba63af8e0b0c0f30cc1fdc540b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmrc.pdb

Imports

msvcrt

wcschr
time
_ultow
wcsrchr
_resetstkoflw
iswalpha
memset
towlower
swscanf
_wcsicmp
_vsnwprintf
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common

ntdll

WinSqmEndSession
RtlIsValidIndexHandle
RtlIsValidHandle
RtlInitializeHandleTable
RtlDestroyHandleTable
RtlAllocateHandle
RtlFreeHandle
RtlNtStatusToDosError
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession

user32

CharPrevW

kernel32

lstrlenW
GetCurrentThreadId
GetCurrentProcessId
MoveFileExW
GetTempFileNameW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CloseHandle
CreateFileW
GetTempPathW
InterlockedIncrement
InterlockedDecrement
GetThreadPreferredUILanguages
EnterCriticalSection
LeaveCriticalSection
CallbackMayRunLong
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CreateThreadpoolWork
ExpandEnvironmentStringsW
lstrcmpiW
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
GetFullPathNameW
GetFileAttributesExW
ReadFile
WriteFile
SetFilePointerEx
GetFileSizeEx
DuplicateHandle
GetCurrentProcess
GlobalFree
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateFileA
SetFilePointer
MoveFileW
GetGeoInfoW
GetUserGeoID
FindCloseChangeNotification
UnregisterWaitEx
FindNextChangeNotification
SleepEx
RegisterWaitForSingleObject
FindFirstChangeNotificationW
ReleaseMutex
ClosePrivateNamespace
CreateMutexW
CreatePrivateNamespaceW
GetCurrentThread
DeleteBoundaryDescriptor
AddSIDToBoundaryDescriptor
CreateBoundaryDescriptorW
OpenMutexW
OpenPrivateNamespaceW
GlobalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WaitForSingleObjectEx
RaiseException
GetSystemWindowsDirectoryW
GetLastError
CompareFileTime
GetSystemTimeAsFileTime
LocalFree
GetFileAttributesW
GetVersionExW
GetShortPathNameW
IsValidLocaleName

advapi32

GetTraceEnableFlags
RegSetValueExW
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
GetTokenInformation
IsValidSid
CopySid
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
GetUserNameW
EventWrite
EventUnregister
EventRegister
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW

winhttp

WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpAddRequestHeaders

shlwapi

UrlCanonicalizeW
ord12

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

rpcrt4

UuidToStringW
UuidFromStringW
RpcStringFreeW

cabinet

ord20
ord22
ord23

xmllite

CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReader

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertVerifyCertificateChainPolicy

wer

WerReportSubmit
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportCloseHandle

devrtl

NdxTableRemoveObject
NdxTableAddObject
NdxTableClose
NdxTableGetObjectName
NdxTableGetPropertyValue
NdxTableObjectFromName
NdxTableRemoveObjectFromList
NdxTableAddObjectToList
NdxTableNextObject
NdxTableGetObjectType
NdxTableOpen
NdxTableSetTypeDefinition
NdxTableFirstObject
NdxTableFirstObjectInList
NdxTableSetPropertyValue

Exports

Exports

DMrcExit
DMrcGetProperties
DMrcInit
DMrcQueryClose
DMrcQueryHardwareId
DMrcQueryModelId

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f113ba63af8e0b0c0f30cc1fdc540b46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

user32

kernel32

advapi32

winhttp

shlwapi

ole32

rpcrt4

cabinet

xmllite

wintrust

crypt32

wer

devrtl

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 96KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 8KB