DevicePairingFolder[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DevicePairingFolder.dll
Size

76KB
MD5

2180bb24687e5ccc58aa1f2b87e599a5
SHA1

ee4c5f1a8c4ae7ec2958e35321f8ec3741a1ddbd
SHA256

3892726eb0e3499f7cc0acb4fbad4e6835711a50b9d29ff79664717131fb987f
SHA512

785233765c11abfad7d98535bea46667f1da0fcbb2bcbdaca813083e61bd2a0331413ecb009a19290220ec21f2f22fc4a376a2d8135f3fbbfe87a54347f3a160
SSDEEP

1536:1eIyyZqif+nQBJjXbnNJtyYabJ77n4E9/qh2in14mfD2fpRwRIx:swqW+QBvybbV/qhvn14O2BCR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DevicePairingFolder.dll

Files

DevicePairingFolder.dll
.dll windows:10 windows x86 arch:x86

d53e630314002c96e12274ce29391391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DevicePairingFolder.pdb

Imports

msvcrt

??1exception@@UAE@XZ
_initterm
_purecall
free
malloc
wcsncpy_s
memcpy_s
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_amsg_exit
_XcptFilter
??0exception@@QAE@XZ
_unlock
_wtol
wcschr
__CxxFrameHandler3
wcsstr
_callnewh
_vsnwprintf
?what@exception@@UBEPBDXZ
_lock
memcpy
??1type_info@@UAE@XZ
realloc
_errno
_except_handler4_common
_onexit
__dllonexit
memset

shell32

SHBindToFolderIDListParent
ord256
SHCreateDefaultContextMenu
SHCreateDataObject
SHCreateDefaultExtractIcon
ord16
ord25
ord18
ord763
SHCreateShellItemArrayFromIDLists
ord155
ord19
ShellExecuteExW
ord153
SHChangeNotify
SHBindToParent

shlwapi

ord199
ord219
StrToIntW
SHStrDupW
ord615
ord16
ord619
ord344
StrPBrkW
StrChrW
StrRetToBufW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FindResourceExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
SizeofResource
FreeLibrary
GetModuleHandleA
LoadLibraryExW
LoadResource
GetModuleFileNameW
LoadStringW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventW
CreateMutexExW
ResetEvent
AcquireSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc
PropVariantCopy
CoTaskMemRealloc
CoWaitForMultipleHandles
CoTaskMemFree
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

kernel32

lstrcmpiW
lstrlenW

propsys

PSGetPropertyFromPropertyStorage
PSCreateMemoryPropertyStore
PropVariantToStringAlloc
PropVariantCompareEx
PSGetPropertyDescription
PropVariantToVariant
PropVariantChangeType
PSPropertyBag_WriteDWORD
VariantCompare

user32

UnregisterClassA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d53e630314002c96e12274ce29391391

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-devices-query-l1-1-0

kernel32

propsys

user32

api-ms-win-core-heap-l2-1-0

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB