cfgmgr32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cfgmgr32.dll
Size

234KB
MD5

4c4612ddffa61e711667c526287c9742
SHA1

42e6482cd663cf805ab4b8e670f510b1f33d8219
SHA256

8440d611230b121f525033b26d6774ec781ba4339b34ff82bb21f3f54b2c6eb0
SHA512

5e0910bf59e862b89d2ec2f8813e04c25d8f7f2daedaf1fad9b8876550edf51ab28a7569463e153e259bb091419b80d8b4a25040617610d6754841374c0e3d73
SSDEEP

6144:t0m4ksgb6gsrSUP8DcJmzSSxkqn5kSh6gCL1k3:Cm4k0QIq5kavS1y

Score

1^/10

Malware Config

Signatures

Files

cfgmgr32.dll
.dll windows:10 windows x86 arch:x86

bcae3553d731beb07a0959d30f946975

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:99:1c:69:6f:27:a4:8a:97:00:b8:0c:aa:9e:15:53:3f:e6:64:76:cb:3f:bf:06:75:0b:e2:08:cc:17:16:17
Signer

Actual PE Digest

cc:99:1c:69:6f:27:a4:8a:97:00:b8:0c:aa:9e:15:53:3f:e6:64:76:cb:3f:bf:06:75:0b:e2:08:cc:17:16:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cfgmgr32.pdb

Imports

api-ms-win-core-crt-l1-1-0

_vsnwprintf_s
_wcsnicmp
_wtoi
wcstoul
_wcsicmp
memmove
memcpy
memcmp
toupper
wcsrchr
wcschr
_except_handler4_common
memset

api-ms-win-core-crt-l2-1-0

_purecall
_initterm_e
_initterm

ntdll

RtlFreeUnicodeString
RtlGetVersion
NtSetValueKey
NtQueryValueKey
NtCreateKey
NtOpenKey
RtlUpcaseUnicodeString
RtlDllShutdownInProgress
RtlIoDecodeMemIoResource
NtClose
RtlCmDecodeMemIoResource
_vsnprintf
RtlIoEncodeMemIoResource
RtlCmEncodeMemIoResource
RtlIsTextUnicode
RtlGetDaclSecurityDescriptor
RtlFormatCurrentUserKeyPath
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlHashUnicodeString
RtlGUIDFromString
RtlMultiByteToUnicodeN
_vsnwprintf
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlEqualUnicodeString
RtlInitUnicodeStringEx
RtlUnicodeStringToInteger
EtwTraceMessage
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtCreateFile
RtlInitUnicodeString

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LoadStringW
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetEvent
CreateEventW
OpenEventW
ReleaseMutex
WaitForMultipleObjectsEx
AcquireSRWLockShared
EnterCriticalSection
SleepEx
WaitForSingleObject
DeleteCriticalSection
CreateMutexW
WaitForSingleObjectEx
InitializeSRWLock
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
SetErrorMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
SetThreadToken
OpenProcessToken
GetCurrentThread

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
Sleep
InitOnceInitialize

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl
CancelIoEx

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
SubmitThreadpoolWork
CloseThreadpoolIo
CreateThreadpoolIo
CloseThreadpoolWork
CancelThreadpoolIo
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
FreeLibraryWhenCallbackReturns
DisassociateCurrentThreadFromCallback
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
StartThreadpoolIo
WaitForThreadpoolIoCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetLocalTime
GetSystemWindowsDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeExW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetKernelObjectSecurity
AdjustTokenPrivileges
GetSecurityDescriptorLength
GetTokenInformation

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
GetThreadLocale
FormatMessageW
LCMapStringW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

CompareFileTime
FindClose
DeleteFileW
WriteFile
GetFullPathNameW
GetFileSize
SetFilePointer
GetFileAttributesW
CreateDirectoryW
FlushFileBuffers
CreateFileW
FindFirstFileW
SetEndOfFile

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Get_Device_ID_List
CMP_Get_Device_ID_List_Size
CMP_Init_Detection
CMP_RegisterServiceNotification
CMP_Register_Notification
CMP_Report_LogOn
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Driver_PackageW
CM_Add_Driver_Package_ExW
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Apply_PowerScheme
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Device_Interface_KeyA
CM_Delete_Device_Interface_KeyW
CM_Delete_Device_Interface_Key_ExA
CM_Delete_Device_Interface_Key_ExW
CM_Delete_Driver_PackageW
CM_Delete_Driver_Package_ExW
CM_Delete_PowerScheme
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Duplicate_PowerScheme
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_PropertyW
CM_Get_Class_Property_ExW
CM_Get_Class_Property_Keys
CM_Get_Class_Property_Keys_Ex
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Property_ExW
CM_Get_DevNode_Property_Keys
CM_Get_DevNode_Property_Keys_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_Property_ExW
CM_Get_Device_Interface_Property_KeysW
CM_Get_Device_Interface_Property_Keys_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Import_PowerScheme
CM_Install_DevNodeW
CM_Install_DevNode_ExW
CM_Install_DriverW
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_MapCrToSpErr
CM_MapCrToWin32Err
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Open_Device_Interface_KeyA
CM_Open_Device_Interface_KeyW
CM_Open_Device_Interface_Key_ExA
CM_Open_Device_Interface_Key_ExW
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Register_Notification
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_RestoreAll_DefaultPowerSchemes
CM_Restore_DefaultPowerScheme
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_ActiveScheme
CM_Set_Class_PropertyW
CM_Set_Class_Property_ExW
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_PropertyW
CM_Set_DevNode_Property_ExW
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_Device_Interface_PropertyW
CM_Set_Device_Interface_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Uninstall_DriverW
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
CM_Unregister_Notification
CM_Write_UserPowerKey
DevCloseObjectQuery
DevCreateObjectQuery
DevCreateObjectQueryEx
DevCreateObjectQueryFromId
DevCreateObjectQueryFromIdEx
DevCreateObjectQueryFromIds
DevCreateObjectQueryFromIdsEx
DevFindProperty
DevFreeObjectProperties
DevFreeObjects
DevGetObjectProperties
DevGetObjectPropertiesEx
DevGetObjects
DevGetObjectsEx
DevSetObjectProperties
SwDeviceClose
SwDeviceCreate
SwDeviceGetLifetime
SwDeviceInterfacePropertySet
SwDeviceInterfaceRegister
SwDeviceInterfaceSetState
SwDevicePropertySet
SwDeviceSetLifetime
SwMemFree

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcae3553d731beb07a0959d30f946975

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

cc:99:1c:69:6f:27:a4:8a:97:00:b8:0c:aa:9e:15:53:3f:e6:64:76:cb:3f:bf:06:75:0b:e2:08:cc:17:16:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 203KB - Virtual size: 203KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

cc:99:1c:69:6f:27:a4:8a:97:00:b8:0c:aa:9e:15:53:3f:e6:64:76:cb:3f:bf:06:75:0b:e2:08:cc:17:16:17
Signer

.text
Size: 203KB - Virtual size: 203KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB