DscCoreConfProv[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DscCoreConfProv.dll
Size

136KB
MD5

925851e0ed4c938a72caa89cf77c09a3
SHA1

4eaf8354f3ee2766a6d911b235e50c9c4efdc633
SHA256

e82051d31156f3d2995c4d0cf6e2b0afd96d01d5cadd0b3fcff8a49d0c0fca8d
SHA512

4b13beaa1247e89a1f5846269163d7d3b3aad6af9b667a8fa5d4c8006661fb0b80b6c9d4a0358fa5ad0159bcd5ff037019337e5ea0d1a6eb1308b4cbbccf408e
SSDEEP

3072:Ef+gaJhsUH0u9Xfak2Ya9JUdoRXT1W0TM25I/2oJW:mY/akSaa79T/I/4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DscCoreConfProv.dll

Files

DscCoreConfProv.dll
.dll regsvr32 windows:10 windows x86 arch:x86

b432ed51eef6f5dfaa1bdb78b427d082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DscCoreConfProv.pdb

Imports

msvcrt

wcscpy_s
_wmakepath_s
wcscat_s
_wcserror_s
swprintf_s
_wsplitpath_s
_wfopen_s
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBD@Z
fread
feof
_get_errno
fclose
ferror
_wfsopen
wcsncmp
wcspbrk
_wcsicmp
towlower
_vsnwprintf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
__CxxFrameHandler3
malloc
free
fputws
memset

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-file-l1-1-0

FindFirstFileExW
FindClose
FindFirstFileW
DeleteFileW
CreateDirectoryW
WriteFile
GetFileSize
SetFileAttributesW
CreateFileW
ReadFile
FindNextFileW
RemoveDirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

mpr

WNetCancelConnection2W
WNetAddConnection2W

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerW
PathFindNextComponentW
PathCombineW
PathIsRootW
PathCanonicalizeW
PathStripToRootW
PathRemoveFileSpecW
PathRemoveBackslashW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

cryptsp

CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash

mi

MI_Application_InitializeV1
mi_clientFT_V1

mimofcodec

MI_Application_NewSerializer_Mof
MI_Application_NewDeserializer_Mof

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l2-1-2

CopyFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
NITS_PRESENCE_STUB
NITS_STUB
NativeProviderTraps

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b432ed51eef6f5dfaa1bdb78b427d082

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

mpr

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

cryptsp

mi

mimofcodec

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l2-1-2

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 119KB - Virtual size: 119KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB