DeviceCenter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DeviceCenter.dll
Size

380KB
MD5

524d37217773ec7fa7b0b6a5312d4a9c
SHA1

b273336192619a5957ad089c50b89ed11a6ed9bd
SHA256

b4974ff60afb8c191bedd288cdba1d44d2a4bad924aedb82e97d042151ece229
SHA512

e028a0ae4dfc0cb5de53aa5455868da1f756bf2935c26d2fa9f9dfd5b24d6d57a6a607f045ea3aa05ff573f6ee462e24ee1ae85a60a4da154892e34ed0a82076
SSDEEP

6144:rQshtry8XJzHQF+nmcuu6TA5qG64yPP6dg33x1KrN:rZPry85zHQF+nluuwmqz46Plv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeviceCenter.dll

Files

DeviceCenter.dll
.dll windows:10 windows x86 arch:x86

d2e81052da89e566b01bafca677e6f3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DeviceCenter.pdb

Imports

msvcrt

_vsnwprintf
_except_handler4_common
__CxxFrameHandler3
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
memcmp
memset
wcsncmp
wcstok_s
_wcsicmp
wcsstr
wcsncpy_s
malloc
free
memcpy_s
_XcptFilter
memcpy

propsys

PropVariantCompareEx
PSPropertyBag_WriteBSTR
PSPropertyBag_WritePropertyKey
PSPropertyBag_WriteStream
ord408
PSPropertyBag_ReadBOOL
PropVariantChangeType
PropVariantToVariant
InitPropVariantFromResource
PropVariantToString
PSPropertyBag_WriteDWORD
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PSGetPropertyDescription
VariantCompare
PSPropertyBag_ReadPropertyKey
PSPropertyBag_ReadInt
PSPropertyBag_ReadBSTR
ord417
PropVariantToStringAlloc
InitPropVariantFromStringAsVector
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadStream

shell32

SHGetIDListFromObject
ord25
ord155
ord19
ShellExecuteW
ord100
ord763
ord18
SHBindToParent
SHBindToFolderIDListParent
ord256
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateDataObject
SHCreateDefaultExtractIcon
SHGetIconOverlayIndexW
ord702
ShellExecuteExW
SHGetDesktopFolder
ord893
ord77
ord727
ord153
DuplicateIcon
SHCreateItemFromIDList
SHChangeNotify
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromDataObject
ord16

shlwapi

ord197
ord344
StrPBrkW
ord215
UrlEscapeW
UrlUnescapeW
ord615
ord199
ord184
ord12
ord212
ord213
ord158
StrToIntW
PathParseIconLocationW
StrRetToBufW
ord219
StrChrW
ord619
SHStrDupW
ord16
ord176
ord384

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetModuleHandleExW
SizeofResource
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
LoadStringW
LoadResource
FreeLibrary
LockResource

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
SleepConditionVariableSRW
WaitForSingleObject
InitializeConditionVariable
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitOnceComplete
Sleep
InitOnceBeginInitialize
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
InitializeSRWLock
ReleaseSemaphore
DeleteCriticalSection
SetEvent
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

CoWaitForMultipleHandles
CoGetApartmentType
PropVariantCopy
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoUninitialize
PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetElement

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventWrite
EventEnabled
EventUnregister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW
FindResourceW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-devices-query-l1-1-1

DevCreateObjectQuery
DevCloseObjectQuery
DevGetObjectProperties
DevFreeObjectProperties

comctl32

ImageList_Destroy
HIMAGELIST_QueryInterface
ImageList_ReplaceIcon
ImageList_Create
ord381
DestroyPropertySheetPage
CreatePropertySheetPageW
ord332
ord328
ord334
ord329
ord386

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

kernel32

lstrcmpiW
lstrlenW

ntdll

WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmAddToStream
WinSqmSetDWORD
WinSqmIsOptedIn

user32

DestroyIcon
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
GetForegroundWindow
GetParent
SetMenuItemInfoW
SetWindowLongW
SetDlgItemTextW
EnableWindow
GetDlgItem
PostMessageW
SendMessageW
GetWindowRect
ScreenToClient
BeginDeferWindowPos
MapWindowPoints
DeferWindowPos
EndDeferWindowPos
UnregisterClassA
GetSystemMetrics
GetDC
ReleaseDC
GetMenuInfo
SetMenuInfo

dui70

UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2e81052da89e566b01bafca677e6f3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

propsys

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-profile-l1-1-0

api-ms-win-devices-query-l1-1-1

comctl32

gdi32

kernel32

ntdll

user32

dui70

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 210KB - Virtual size: 210KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 210KB - Virtual size: 210KB

.reloc
Size: 10KB - Virtual size: 10KB