dmvdsitf[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dmvdsitf.dll
Size

142KB
MD5

600455fb4dbc7feca06f1434707e8754
SHA1

9dc0a2eed5da1ca36ac5f2b5ddd4808970e59331
SHA256

ce6811e4beabad649b3ee6c7d0c0bf0ee4b841167609c32f9d73d160e1e1dabb
SHA512

0c6d5f35b4c551d8ac24dea0048b2c018fb65611352e81f51d2f20c5a22eaaf9a1717cc34420f53869e123b844ea3c47eb343b539f7c841ee33cf4041859d72f
SSDEEP

3072:cq6v73CrclLedp3LvQsVPN8MJVLEArzNoNN61:he7SCLedljGyJoC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmvdsitf.dll

Files

dmvdsitf.dll
.dll windows:6 windows x86 arch:x86

fe896b9344103bdd213c2b12095244f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmvdsitf.pdb

Imports

mfc42u

ord3142
ord2977
ord540
ord537
ord3658
ord1165
ord3998
ord2719
ord6466
ord2722
ord2721
ord800
ord4155
ord861
ord5436
ord6379
ord2997
ord860
ord5446
ord6390
ord614
ord1220
ord1203
ord2615
ord290
ord922
ord2810
ord538
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3348
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3574
ord2836
ord326
ord6211
ord1761
ord2637
ord641
ord858
ord2078
ord823
ord825
ord2099
ord6928
ord535

msvcrt

__CxxFrameHandler3
memset
wcschr
memcpy_s
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
memmove_s
_amsg_exit
_initterm
_XcptFilter
_callnewh
??1type_info@@UAE@XZ
malloc
free
wcscpy_s
iswalpha
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
swscanf
wcsncmp
_wtol
_wtoi
_vsnwprintf
_vsnprintf
_wcsicmp
??0exception@@QAE@XZ
memcpy
_CxxThrowException
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ

atl

ord30

kernel32

HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
GetDriveTypeW
CreateFileW
DeviceIoControl
lstrlenW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
HeapAlloc
GetProcessHeap
GetCurrentThread
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetLastError
lstrcmpiW
CreateEventW
CreateThread
LeaveCriticalSection
CloseHandle
EnterCriticalSection
GetModuleHandleW
Sleep
InterlockedExchange
WaitForSingleObject
GetThreadId
SetEvent
WaitForMultipleObjects

user32

PostMessageW
UpdateWindow
PostThreadMessageW
MessageBeep
RegisterWindowMessageW
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
BringWindowToTop
GetMessageW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW

comctl32

ImageList_LoadImageW

dmdskmgr

?RoundUpToMB@@YG_J_J@Z
?ReloadData@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?EmptyOcxViewData@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?DeleteLists@CDataCache@@QAEXXZ
?RefreshDiskView@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?GetComponentData@CDataCache@@QAEPAVCDMComponentData@@XZ
?GetMMCWindow@CDMComponentData@@QAEPAUHWND__@@XZ
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?IsPreLonghornVdsVersion@CDataCache@@QAEHXZ
?SetDriveLetterInUse@CDataCache@@QAEXGH@Z
?ChangeRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?GetSizeMB@CDMNodeObj@@QAEXAA_J@Z
?EnumDiskRegions@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetVolumeInfo@CDMNodeObj@@QAEHAAUvolumeinfo@@@Z
?AddFileSystemInfoToCache@CDataCache@@QAEXKPAUfilesysteminfo@@@Z
?FindDriveLetter@CDataCache@@QAEH_JAAG@Z
?GetObjectId@CDMNodeObj@@QAEXAA_J@Z
?AddRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?AdjustRegionCountInLegendList@CDataCache@@QAEXW4_REGIONTYPE@@HPAVCTaskData@@@Z
?AdjustVolumeCountInLegendList@CDataCache@@QAEXW4_VOLUMELAYOUT@@HPAVCTaskData@@@Z
?DeleteRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?DoRevertToNT4@CContextMenu@@QAEXJH@Z
?GetDeviceType@CDMNodeObj@@QAEKXZ
?CreateRegionNodeObj@CDataCache@@QAEPAVCDMNodeObj@@PAV2@PAUregioninfoex@@@Z
?GetPartitionStyle@CDMNodeObj@@QAE?AW4_PARTITIONSTYLE@@XZ
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?FindDiskPtrFromDiskId@CDataCache@@QAEH_JPAPAVCDMNodeObj@@@Z
??1CDataCache@@UAE@XZ
?RecalculateSpace@CDMNodeObj@@QAEXXZ
?FindRegionPtrFromRegionId@CDataCache@@QAEH_JPAPAVCDMNodeObj@@@Z
??0CDataCache@@QAE@XZ
?LoadData@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?CreateNodeObjAndAddToMap@CDataCache@@QAEPAVCDMNodeObj@@HW4_NODEOBJ_TYPES@@PAV1@PAX_J@Z
?GetStringFromRc@@YG?AVCString@@K@Z
?IsConvertSuccess@CDMNodeObj@@QAEJH@Z
?SetUIState@CTaskData@@QAEXK@Z
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?ConvertMBToBytes@@YG_J_J@Z
?IsCurrSystemVolume@CDMNodeObj@@QAEHXZ
?IsCurrBootVolume@CDMNodeObj@@QAEHXZ
?GetFlags@CDMNodeObj@@QAEJXZ
?GetRegionByOffset@CDMNodeObj@@QAEPAV1@_J@Z
?IsVolumeArrived@CDMNodeObj@@QAEJ_JW4_LAYOUT_TYPES@@@Z
?DeleteEncapsulateData@CDataCache@@QAEXPAUENCAPSULATE_DATA@@@Z
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?IsVolumeSimple@CDMNodeObj@@QAEHXZ
?GetUnallocSpace@CDMNodeObj@@QAE_JH@Z
?GetDiskSpec@CDMNodeObj@@QAEHAAUdiskspec@@@Z
?GetStartOffset@CDMNodeObj@@QAE_JXZ
?GetUsableContiguousSpaceInMB@CDMNodeObj@@QAE_JXZ
?OnlyContiguousExtendAllowed@CDMNodeObj@@QAEHXZ

dmutil

SafeLoadVdsService
DisplayErrorRgszw
ShowMessage

rpcrt4

UuidCreate

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QAEKXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount@CDataCache@@QAEKXZ
CreateDataCacheZ
CreateServerRequestsZ
LoadPropertyPageData

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe896b9344103bdd213c2b12095244f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

kernel32

user32

ole32

advapi32

setupapi

comctl32

dmdskmgr

dmutil

rpcrt4

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB