devinv[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

devinv.dll
Size

522KB
MD5

1dddb9562c294035143589e804fe759e
SHA1

80471216a4dd6f9602132e51c809a7a42180f351
SHA256

ec5bc2fd1ca76cefd00e34a63377928c1b1fdf9f7d087e5ddce8d20a6dc154e5
SHA512

bec8f47a9fcaab1792bdf39a430039dfcef1de595a24d78f14192eb81d13a5c34b7a391f5d1c2c96bd74c92d2268b892af817c44afafc85acc817ceb66eef077
SSDEEP

6144:LwJBOjPkq1XhrCkfnjke5pYTNSkuKyfCOu5bwHi9/LNfgxnVmnCGvWXvxdHXbVq7:M6JrBnNf4xClFVB+4IU904rc93POjtC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
devinv.dll

Files

devinv.dll
.dll .vbs windows:10 windows x86 arch:x86 polyglot

eace14ee1db0e2a021bff32f5415d991

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DevInv.pdb

Imports

msvcrt

tolower
iswprint
realloc
_mktime64
iswalnum
?what@exception@@UBEPBDXZ
_beginthreadex
swscanf_s
memmove
_getmbcp
_wsplitpath_s
_except_handler4_common
??_V@YAXPAX@Z
strstr
wcstok_s
strtol
??1type_info@@UAE@XZ
_errno
_set_errno
?terminate@@YAXXZ
_onexit
fprintf
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
ldiv
_callnewh
_CxxThrowException
wcscat_s
wcscpy_s
wcschr
_wcsnicmp
memcpy
memcmp
sprintf_s
_vsnprintf
iswalpha
strnlen
wcsrchr
strchr
_ui64tow_s
__iob_func
towlower
towupper
_vsnwprintf_s
wcstoul
_wctime64
_purecall
??3@YAXPAX@Z
strcpy_s
??0exception@@QAE@ABQBD@Z
strncpy_s
??0exception@@QAE@ABV0@@Z
strncmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_wcsicmp
memcpy_s
wcsstr
_wcslwr
_vsnwprintf
__CxxFrameHandler3
wcsncmp
memset

kernel32

InitializeCriticalSectionEx
DeleteFileW
CreateMutexW
ReleaseMutex
GetTempPathW
GetTempFileNameW
GetModuleFileNameA
HeapFree
MoveFileExW
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
CreateActCtxW
QueryActCtxW
ReleaseActCtx
SetLastError
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetLastError
CloseHandle
FreeLibrary
WaitForSingleObject
VerSetConditionMask
LoadLibraryExW
CreateDirectoryW
EnterCriticalSection
ExpandEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSection
QueryThreadCycleTime
CreateEventW
GetTickCount64
GetCurrentThread
DeleteCriticalSection
VerifyVersionInfoW
ReadFile
WaitForSingleObjectEx
GetFileAttributesW
MultiByteToWideChar
GetSystemFirmwareTable
GetFileSize
GetVolumeInformationW
DeviceIoControl
WaitForMultipleObjects
FreeLibraryAndExitThread
GetVersionExW
GetSystemDirectoryW
GetSystemDefaultLangID
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetSystemInfo
ResetEvent
GetWindowsDirectoryW
GetComputerNameW
GlobalMemoryStatusEx
QueryFullProcessImageNameW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
K32GetModuleFileNameExW
SetDllDirectoryW
OpenSemaphoreW
lstrcmpiW
CreateMutexExW
IsWow64Process
SetEvent
AcquireSRWLockExclusive
ReleaseSemaphore
LoadLibraryExA
OpenWaitableTimerW
FindFirstFileW
FindNextFileW
FindClose
CreateSemaphoreW
CancelWaitableTimer
SleepEx
OpenEventW
SetWaitableTimer
CreateWaitableTimerW
OutputDebugStringW
DelayLoadFailureHook
WakeAllConditionVariable
GetTickCount
GetSystemTimeAsFileTime
K32EnumDeviceDrivers
K32GetDeviceDriverFileNameW
GetNativeSystemInfo
SleepConditionVariableSRW
GetProcessHeap
LocalAlloc
LocalFree
CreateSemaphoreExW
GetSystemWindowsDirectoryW
IsDebuggerPresent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseSRWLockExclusive
GetFileTime
lstrcmpA
GetModuleHandleW
DebugBreak
GetCurrentProcessId
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter

fltlib

FilterFindFirst
FilterFindNext
FilterFindClose

setupapi

SetupDiGetClassDevsW
SetupGetInfDriverStoreLocationW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

advapi32

RegDeleteKeyValueW
RegSetKeySecurity
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
EventRegister
EventWriteTransfer
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
IsTextUnicode
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyW
RegDeleteValueW
RegDeleteTreeW
RegSaveKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegLoadAppKeyW
RegFlushKey
RegDeleteKeyW
RegLoadKeyW
RegUnLoadKeyW
SetSecurityDescriptorOwner
CryptCreateHash
EventUnregister
CryptHashData
CryptGetHashParam
CryptDestroyHash
OpenSCManagerW
CloseServiceHandle
EnumServicesStatusExW
RegEnumKeyExW
OpenServiceW
QueryServiceConfigW

ole32

StringFromGUID2
PropVariantClear
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
IIDFromString
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetElement
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
SysStringByteLen
VariantClear

shlwapi

PathCommonPrefixW
PathFindFileNameW

winspool.drv

EnumPrinterDriversW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

devobj

DevObjOpenDeviceInfo
DevObjCreateDeviceInfoList
DevObjGetClassProperty
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceProperty
DevObjEnumDeviceInfo

iphlpapi

GetAdaptersInfo
GetNetworkParams

ntdll

NtQuerySystemTime
WinSqmIsOptedInEx
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
RtlSecondsSince1970ToTime
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetVersion
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEqualString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlNtStatusToDosError
NtQuerySystemInformation
RtlAllocateAndInitializeSid
RtlFreeSid
NtQueryLicenseValue
RtlAdjustPrivilege
NtQueryKey
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
EtwTraceMessage
RtlFreeHeap
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlReAllocateHeap
RtlAllocateHeap
RtlDeleteCriticalSection

crypt32

CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CryptDecodeObject
CertGetNameStringW
CertGetCertificateContextProperty
CertDuplicateCertificateContext

wintrust

CryptCATClose
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATEnumerateCatAttr
CryptCATOpen
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain

rpcrt4

UuidCreate

dbghelp

ImageNtHeader
ImageDirectoryEntryToData

Exports

Exports

CreateDeviceInventory
CreateDeviceInventoryTC
CreateDeviceInventoryTC2
GetDevInventory
ReportDeviceAdd
ReportDeviceRemove
RunDeviceInventoryW
SetDevInvDebugCorrelationVector

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eace14ee1db0e2a021bff32f5415d991

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

fltlib

setupapi

advapi32

ole32

oleaut32

shlwapi

winspool.drv

version

devobj

iphlpapi

ntdll

crypt32

wintrust

rpcrt4

dbghelp

Exports

Exports

Sections

.text Size: 469KB - Virtual size: 469KB

.data Size: 4KB - Virtual size: 12KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 469KB - Virtual size: 469KB

.data
Size: 4KB - Virtual size: 12KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 31KB - Virtual size: 30KB