MrmDeploy[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MrmDeploy.dll
Size

305KB
MD5

7794c224b6a49a5550d95c35bb28fe56
SHA1

3b3b1053f6dc7178f05249b3888c3dbc72ee9a10
SHA256

8703697d326f2648fe45fdcbe68ec8f00f87a61ee883c0f751ed6f0248311f01
SHA512

a6ef8059286044f8ba95a3995a4718b5b359efd2294de68c266b79352d3fccb69edc907c5913d961ba1198fa65645c871ba787c702b1c176cd8d8f671f3545e9
SSDEEP

6144:+dqTiQ1e+TDC+jVJRHNruFNTrgsO05UTp2Lpk3Oqtmvzpnd5NFn9bbneENgUoXMZ:Y/dN805Ux+vXGgR7ccVUZNo

Score

1^/10

Malware Config

Signatures

Files

MrmDeploy.dll
.dll windows:10 windows x86 arch:x86

be59d36681847b07a468a8da80033546

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:f4:6e:09:3b:74:0e:53:81:a7:a9:24:57:20:a0:ab:65:4b:75:f3:33:9c:ff:51:a7:db:7d:20:64:4f:47:a8
Signer

Actual PE Digest

c9:f4:6e:09:3b:74:0e:53:81:a7:a9:24:57:20:a0:ab:65:4b:75:f3:33:9c:ff:51:a7:db:7d:20:64:4f:47:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MrmDeploy.pdb

Imports

msvcrt

wcsncpy_s
_wcsnicmp
iswspace
wcsrchr
malloc
free
_ui64tow_s
wcsstr
isalpha
iswalnum
qsort_s
_XcptFilter
_wcsicmp
towlower
towupper
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
wcscpy_s
iswdigit
_lock
wprintf
wcschr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnprintf_s
memcpy_s
??3@YAXPAX@Z
_unlock
__dllonexit
_onexit
_except_handler4_common
_vsnwprintf
_purecall
memcmp
memmove
memcpy
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_amsg_exit
toupper
_CxxThrowException
_wtoi
__CxxFrameHandler3
_ftol2
memset

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromId
PackageIdFromFullName

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackagePathByFullName
GetPackagePathByFullName

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
GetFileAttributesExW
FindClose
CreateFileW
DeleteFileW
GetFileAttributesW
WriteFile
FlushFileBuffers
FindFirstFileW
ReadFile
GetFileSizeEx

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime

appxdeploymentclient

ord38

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

DllMain
GetCanonicalMergedPriFileName
GetCanonicalMergedPriFileNameForPackages
GetInitInfoByPackageFullName
GetOrCreatePriFileForApplicablePackages
GetOrCreatePriFileForAvailablePackages
GetOrCreatePriFileForRelatedPackages
GetPriFileForPackageOnly
MergeRelatedPriFiles

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be59d36681847b07a468a8da80033546

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c9:f4:6e:09:3b:74:0e:53:81:a7:a9:24:57:20:a0:ab:65:4b:75:f3:33:9c:ff:51:a7:db:7d:20:64:4f:47:a8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

appxdeploymentclient

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l2-1-0

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 266KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 17KB - Virtual size: 17KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c9:f4:6e:09:3b:74:0e:53:81:a7:a9:24:57:20:a0:ab:65:4b:75:f3:33:9c:ff:51:a7:db:7d:20:64:4f:47:a8
Signer

.text
Size: 266KB - Virtual size: 266KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 17KB - Virtual size: 17KB