dmvdsitf[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dmvdsitf.dll
Size

147KB
MD5

0d14fe1aa94e85dd4b819390da704c16
SHA1

17fb5272a9355984e1075bcb0686cb3c6a912ef8
SHA256

3e3adc24bffea83541880ce34943a2d32df720e147c6f3d372c8aafc6fec9cbb
SHA512

ac67a07e0365f5e9383fb8540fcf2ea41e996cda5d0db7793e70bd573e78932e17d0dd6cdec28f79f6cdf72a23c9bb8335ecc7cdfc111f454f34a4eb871ed22c
SSDEEP

3072:NlPMuAuCS8WHDHlos8MPuNeCg6zjZDl+9z0oUL5:7MSC0nuN2EjxI1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmvdsitf.dll

Files

dmvdsitf.dll
.dll windows:10 windows x86 arch:x86

5dc8a7eb4cb76949c0a07038ee01b088

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmvdsitf.pdb

Imports

mfc42u

ord1165
ord4155
ord860
ord2997
ord290
ord614
ord2615
ord1203
ord1220
ord2099
ord861
ord6466
ord2719
ord2722
ord2721
ord3658
ord6390
ord5446
ord6379
ord5436
ord538
ord3998
ord4616
ord3574
ord2836
ord2637
ord1761
ord6211
ord2078
ord641
ord326
ord823
ord858
ord540
ord537
ord4418
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord2810
ord922
ord3131
ord4459
ord3254
ord3142
ord2977
ord825
ord6928
ord535
ord800
ord3348

msvcrt

memcpy
??1type_info@@UAE@XZ
memcmp
__CxxFrameHandler3
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
memset
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
wcschr
malloc
wcscpy_s
free
iswalpha
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vsnprintf
_wcsicmp
_vsnwprintf
_wtol
wcsncmp
swscanf
_wtoi
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s

atl

ord30

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeviceIoControl
CreateFileW
lstrlenW
GetDriveTypeW
lstrcmpiW
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThread
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetThreadId
WaitForSingleObject
CloseHandle
Sleep
GetLastError
GetCurrentThreadId
SetEvent
LoadLibraryW
CreateEventW
CreateThread
WaitForMultipleObjects
IsDebuggerPresent
GetCurrentProcessId
GetWindowsDirectoryW

user32

BringWindowToTop
PostThreadMessageW
UpdateWindow
GetMessageW
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
LoadImageW
PostMessageW
PeekMessageW
LoadStringW
MessageBeep

ole32

CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc

gdi32

DeleteObject

advapi32

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsExW

comctl32

ImageList_Create
ImageList_AddMasked

dmdskmgr

??1CDataCache@@UAE@XZ
?GetObjectId@CDMNodeObj@@QAEXAA_J@Z
?DeleteLists@CDataCache@@QAEXXZ
?EmptyOcxViewData@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?ReloadData@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?IsPreLonghornVdsVersion@CDataCache@@QAEHXZ
?AddRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
??0CDataCache@@QAE@XZ
?DeleteRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?RecalculateSpace@CDMNodeObj@@QAEXXZ
?ChangeRow@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?FindRegionPtrFromRegionId@CDataCache@@QAEH_JPAPAVCDMNodeObj@@@Z
?AdjustRegionCountInLegendList@CDataCache@@QAEXW4_REGIONTYPE@@HPAVCTaskData@@@Z
?AdjustVolumeCountInLegendList@CDataCache@@QAEXW4_VOLUMELAYOUT@@HPAVCTaskData@@@Z
?GetVolumeInfo@CDMNodeObj@@QAEHAAUvolumeinfo@@@Z
?SetDriveLetterInUse@CDataCache@@QAEXGH@Z
?GetSizeMB@CDMNodeObj@@QAEXAA_J@Z
?RefreshDiskView@CDMComponentData@@QAEXPAVCDMScopeNode@@@Z
?GetComponentData@CDataCache@@QAEPAVCDMComponentData@@XZ
?FindDiskPtrFromDiskId@CDataCache@@QAEH_JPAPAVCDMNodeObj@@@Z
?GetPartitionStyle@CDMNodeObj@@QAE?AW4_PARTITIONSTYLE@@XZ
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?EnumDiskRegions@CDMNodeObj@@QAEXPAPAJAAJ@Z
?AddFileSystemInfoToCache@CDataCache@@QAEXKPAUfilesysteminfo@@@Z
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?CreateRegionNodeObj@CDataCache@@QAEPAVCDMNodeObj@@PAV2@PAUregioninfoex@@@Z
?GetDeviceType@CDMNodeObj@@QAEKXZ
?DoRevertToNT4@CContextMenu@@QAEXJH@Z
?FindDriveLetter@CDataCache@@QAEH_JAAG@Z
?GetMMCWindow@CDMComponentData@@QAEPAUHWND__@@XZ
?LoadData@CDMComponentData@@QAEXPAVCDMScopeNode@@J@Z
?CreateNodeObjAndAddToMap@CDataCache@@QAEPAVCDMNodeObj@@HW4_NODEOBJ_TYPES@@PAV1@PAX_J@Z
?SetUIState@CTaskData@@QAEXK@Z
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?IsConvertSuccess@CDMNodeObj@@QAEJH@Z
?IsVolumeSimple@CDMNodeObj@@QAEHXZ
?GetStartOffset@CDMNodeObj@@QAE_JXZ
?IsVolumeArrived@CDMNodeObj@@QAEJ_JW4_LAYOUT_TYPES@@@Z
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?GetUnallocSpace@CDMNodeObj@@QAE_JH@Z
?DeleteEncapsulateData@CDataCache@@QAEXPAUENCAPSULATE_DATA@@@Z
?GetDiskSpec@CDMNodeObj@@QAEHAAUdiskspec@@@Z
?OnlyContiguousExtendAllowed@CDMNodeObj@@QAEHXZ
?GetUsableContiguousSpaceInMB@CDMNodeObj@@QAE_JXZ
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?IsCurrSystemVolume@CDMNodeObj@@QAEHXZ
?IsCurrBootVolume@CDMNodeObj@@QAEHXZ
?GetFlags@CDMNodeObj@@QAEJXZ
?GetRegionByOffset@CDMNodeObj@@QAEPAV1@_J@Z

dmutil

SafeLoadVdsService
DisplayErrorRgszw
ShowMessage

rpcrt4

UuidCreate

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QAEKXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount@CDataCache@@QAEKXZ
CreateDataCacheZ
CreateServerRequestsZ
LoadPropertyPageData

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dc8a7eb4cb76949c0a07038ee01b088

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

kernel32

user32

ole32

gdi32

advapi32

setupapi

comctl32

dmdskmgr

dmutil

rpcrt4

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB