DscCoreConfProv[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DscCoreConfProv.dll
Size

137KB
MD5

6cba7d540a9f125326daa597b65f230e
SHA1

4d1655fe074de8300c6404d9b8127dcf70dc7d3d
SHA256

85a72d563e892ce21cfe4f0fd92deee5a3d0b834c3a9d660aace38471684bea8
SHA512

980a8227ebada7327aa9a9b25375f932e806ce87d56066e4a75434c90620af53635b9b12cb7ff707291d56eb669831d37d031993a879f7feeb08afe0dd0ef60c
SSDEEP

3072:vAvhsUH0Heh9wrVOgrAKc0uO4R3R7CIxo:opqJOgrc5NRBx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DscCoreConfProv.dll

Files

DscCoreConfProv.dll
.dll regsvr32 windows:10 windows x86 arch:x86

e9e5b76d616b4ea17da011bb4ac197b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DscCoreConfProv.pdb

Imports

msvcrt

fputws
_wmakepath_s
_wfopen_s
wcscat_s
_wsplitpath_s
wcscpy_s
swprintf_s
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
fread
feof
_get_errno
fclose
ferror
_wfsopen
wcsncmp
wcspbrk
??0exception@@QAE@ABQBD@Z
_wcsicmp
towlower
_vsnwprintf
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memcpy_s
malloc
free
_wcserror_s
memset

kernel32

RemoveDirectoryW
GetSystemDirectoryW
GetLastError
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LoadLibraryExW
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
GetComputerNameW
ReadFile
CreateFileW
CloseHandle
GetFileSize
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetFileAttributesW
FileTimeToSystemTime
DeleteFileW
WriteFile
FindFirstFileW
FormatMessageW
OpenSemaphoreW
ReleaseSemaphore
CreateDirectoryW
CopyFileW
SetLastError
GetModuleHandleW
LocalFree
WaitForSingleObject

advapi32

RegOpenKeyExW
RegCloseKey
EventUnregister
EventRegister
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
EventWrite
RegQueryValueExW

shlwapi

PathStripToRootW
PathCanonicalizeW
PathRemoveBackslashW
PathCombineW
PathFindNextComponentW
PathRemoveFileSpecW
PathIsUNCServerW
PathIsRootW

mpr

WNetAddConnection2W
WNetCancelConnection2W

mi

MI_Application_InitializeV1
mi_clientFT_V1

mimofcodec

MI_Application_NewDeserializer_Mof
MI_Application_NewSerializer_Mof

user32

LoadStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
NITS_PRESENCE_STUB
NITS_STUB
NativeProviderTraps

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9e5b76d616b4ea17da011bb4ac197b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

shlwapi

mpr

mi

mimofcodec

user32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB