PortableDeviceClassExtension[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

PortableDeviceClassExtension.dll
Size

112KB
MD5

64b902c6e3c7b53c345d9ebfc37d4e3f
SHA1

793563135850e187d543017f0b68ebdd354e7d02
SHA256

fc47a283a646d27e3bc88a49b299838c02f7434a7d3836c744d31b91eda4a5bf
SHA512

5159d75a8604efe3117e04987d9c1b2b147466fa6d50daf14d40afdc747db6b80c6abc4fce1c7c52a90c897801d4e17065a4b290bc373aa083c83c8a11ba1520
SSDEEP

1536:q+E9aLCv4r3c/hv/Do2hy2pPYFeCy5it6zOAp8T3lx3cYJ8VX5XQCwlkZ6WWOE4r:dE9amAdZ2pAF/ApU3lpVmJQCwC67u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceClassExtension.dll

Files

PortableDeviceClassExtension.dll
.dll regsvr32 windows:10 windows x86 arch:x86

aada536212ad565396623aa4eac639e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceClassExtension.pdb

Imports

msvcrt

_except_handler4_common
_onexit
wcsncpy_s
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
memset
_callnewh
vswprintf_s
_vscwprintf
memmove_s
_wcsicmp
_vsnwprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
__dllonexit
_CxxThrowException
__CxxFrameHandler3
memcmp

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
LockResource
GetProcAddress
GetModuleHandleW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

api-ms-win-core-synch-l1-2-0

Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
SetEvent
OpenEventW
WaitForSingleObject

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
CreateThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-heap-l1-2-0

HeapFree
HeapReAlloc
HeapSize
HeapDestroy
HeapAlloc
GetProcessHeap

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

advapi32

GetSecurityInfo

kernel32

lstrcmpiW

user32

UnregisterClassA

rpcrt4

NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
IUnknown_Release_Proxy

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aada536212ad565396623aa4eac639e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-heap-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

advapi32

kernel32

user32

rpcrt4

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 4KB - Virtual size: 3KB