Microsoft[.]Management[.]Infrastructure[.]Native[.]Unmanaged[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Management.Infrastructure.Native.Unmanaged.dll
Size

14KB
MD5

b447dd108ff214b6479f5d8be30650e5
SHA1

f6cf3f842d838f0cf1eee15fbc77d72ca38be3c9
SHA256

3e9c133bd8b76602a943a9fdaf2aef708344e78c8713327bb78f086f6b51ae51
SHA512

b1f068217f6f35b927ca6cc87a3d320726bc1371b20332eba378869a6c0e86b557234918393cc6457f5c04ef64f282eeade111223645de8b64de070d8afd6000
SSDEEP

384:u5mnoQ3ZPqw+d3nG8yBQ8RCt95I0WHveW:u+2d3CQP5It

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Management.Infrastructure.Native.Unmanaged.dll

Files

Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x86 arch:x86

76db6a07de705b9942c01c1011ba54f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Management.Infrastructure.Native.Unmanaged.pdb

Imports

msvcrt

_except_handler4_common
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
SubmitThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentThread
SetThreadToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76db6a07de705b9942c01c1011ba54f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

mi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 848B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 444B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 848B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 444B