dwmredir[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dwmredir.dll
Size

95KB
MD5

754afc50022c95da7c86b7020db78136
SHA1

11e6874e2ecc154501e6b857370044b32b1fad15
SHA256

81c58f303da2e0ec066261890c1d638ee02d2b579bbcb1bb398edf6a0eba671e
SHA512

e2e9632b740297af6bef9392981e703465899e96ac0ff09e0122f7aa07e5fbddcfce15436b4093f0a08d85b456b487eca784d3a2e3878aefb74472973252da10
SSDEEP

1536:H1dUt2kxOSUF939nwkP4HMqozIANMGFbBlPG9vSHAiZWJ/FLOw:Vy/OSEF5fZ1FFsSzZIiw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dwmredir.dll

Files

dwmredir.dll
.dll windows:6 windows x86 arch:x86

401f5d4f0a1a6d7b7c2af98dc7f09bed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dwmredir.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_XcptFilter
_purecall
memcpy
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
memset
memmove
_initterm
_ftol2

ntdll

DbgPrintEx
DbgPrompt
NtQuerySystemInformation
RtlCaptureStackBackTrace
RtlDeleteElementGenericTable
RtlIsGenericTableEmpty
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlInitializeGenericTable
NtQueryInformationProcess
EtwEventWrite
EtwEventUnregister
EtwEventRegister

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

user32

GetWindowCompositionInfo
IsWindowInDestroy
ord1553
GhostWindowFromHungWindow
GetWindowRgnEx
GetWindowRect
IntersectRect
GetDC
ReleaseDC
GetClientRect
MapWindowPoints
InvalidateRect
IsWindow
EqualRect
PostMessageW
GetSystemMetrics
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetGuiResources
GetWindowCompositionAttribute

gdi32

CombineRgn
ord1007
OffsetRgn
GetRgnBox
GetRandomRgn
CreateRectRgnIndirect
DeleteObject
ord1001
CreateCompatibleBitmap
SelectObject
BitBlt
GetRegionData
DeleteDC
CreateDIBSection
ExtCreateRegion
CreateCompatibleDC
CreateRectRgn

dwmcore

MilCompositionEngine_GetComposedEventId
MilComposition_PeekNextMessage
MilComposition_WaitForNextMessage
MilCompositionEngine_GetFeedbackReader
MilConnection_CreateChannel
MilChannel_SetReceiveBroadcastMessages
MilConnection_DestroyChannel
MilTransport_AddRef
MilResource_DuplicateHandle
MilChannel_EndCommand
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CommitChannel
MilCompositionEngine_DeinitializePartitionManager
MilTransport_DisconnectTransport
MilTransport_ShutDownConnectionManager
MilTransport_Release
MilTransport_Create
MilTransport_InitializeConnectionManager
MilTransport_CreateSurfaceManager
MilCompositionEngine_InitializePartitionManager
MilChannel_GetMarshalType
MilVersionCheck
MilResource_ReleaseOnChannel
MilResource_CreateOrAddRefOnChannel
MilResource_SendCommand
MilComposition_SyncFlush
MilChannel_SendSyncCommand
MilCoreClientIsDwm

kernel32

ExitProcess
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
TerminateThread
GetCurrentThread
LoadLibraryExA
FreeLibrary
GetProcAddress
HeapFree
GetCurrentProcess
WaitForMultipleObjects
GetTickCount
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedCompareExchange
InterlockedDecrement
GetLastError
SetLastError
DisableThreadLibraryCalls
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
HeapAlloc
InterlockedExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetProcessHeap
DebugBreak
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
RegGetValueW
DelayLoadFailureHook

Exports

Exports

DwmInitializeTransport
DwmRedirectionManagerDispatchMessage
DwmRedirectionManagerEnableMMCSS
DwmRedirectionManagerFailMessage
DwmRedirectionManagerInitialize
DwmRedirectionManagerLockMemoryAllocations
DwmRedirectionManagerPlayingVideo
DwmRedirectionManagerSetClientChannel
DwmRedirectionManagerSetClientRenderTarget
DwmRedirectionManagerShouldRemainOnHibernate
DwmRedirectionManagerShutdown
DwmRedirectionManagerWaitForMultipleObjects
DwmShutdownTransport
DwmVersionCheck

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401f5d4f0a1a6d7b7c2af98dc7f09bed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

user32

gdi32

dwmcore

kernel32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 3KB