CIWmi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CIWmi.dll
Size

31KB
MD5

40d4c464c8a9dc8115692ed8349b0689
SHA1

e8a5198d46c645911d8e13681dce2acb972d5a06
SHA256

a089cd83613fa42a2029d45b52a6ced1298d68c046c251be5f22d70aba316df7
SHA512

c8fea9adf80780c05739ddcd4f36f5707b257af91667d24bdde2b41fff4ebb1058a23695b699869c69d219bf4e8097ee627a68da42ef6e4d4b16f62e927db430
SSDEEP

768:vYlvGUlUVyjO40bMnJwvc8GRG0qKtDj/VY:glvGU+QO5bQJwvc8GBt3/VY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CIWmi.dll

Files

CIWmi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

01eafb68f1b4ea0063e752ed5ea29f54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CIWmi.pdb

Imports

msvcrt

_amsg_exit
_lock
_unlock
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
__dllonexit
??0exception@@QAE@ABV0@@Z
_onexit
??1type_info@@UAE@XZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_purecall
??3@YAXPAX@Z
_initterm
_wcsicmp
wcscat_s
_except_handler4_common
__CxxFrameHandler3
malloc
memcmp
free
swprintf_s
??1exception@@UAE@XZ
memset

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileSize
CreateFileW
WriteFile
ReadFile

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoImpersonateClient

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

AccessCheck

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlNtStatusToDosError
NtSetSystemInformation
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01eafb68f1b4ea0063e752ed5ea29f54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB