PlayToDevice[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PlayToDevice.dll
Size

275KB
MD5

f362221f825431afad14c9bc6990c80a
SHA1

7e102c00ff80757c30e5d22e56eae6615508657c
SHA256

c6f7c87fbdacd118df535b5145b5887a3cea8b794948c80ec7db14328b2d023a
SHA512

c47ebe69c8b550a1ff905b6c4055aa9161e3a94fe8fb1295eddd9b02128482b49378305b57d9e1f0acc2dba9050aed910ce10883782143f5884285cc6627cc73
SSDEEP

6144:LJUx4QdoDZjaVTaLmHSeriDcLzDwON65CNL8pxniFy:m4QmVjaVRSjDiAA65+8pxnik

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PlayToDevice.dll

Files

PlayToDevice.dll
.dll windows:10 windows x86 arch:x86

6e6cee1808522e50761b12f30e370f28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PlayToDevice.pdb

Imports

msvcrt

isalnum
towupper
_wcsnicmp
memmove_s
_purecall
memcpy_s
_ultow_s
_vsnwprintf
_callnewh
iswalpha
wcsstr
memcpy
realloc
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
iswdigit
malloc
??_V@YAXPAX@Z
free
wcschr
memcmp
_ftol2
memset

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
InitializeSRWLock
InitializeCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
SetEvent
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetProcessId
GetCurrentThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW

rpcrt4

CStdStubBuffer_CountRefs
I_RpcOpenClientProcess
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient16
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient17
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction3
ObjectStublessClient13
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient10
CStdStubBuffer2_Connect
ObjectStublessClient18
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient28
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient12
ObjectStublessClient31
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient30
ObjectStublessClient9
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient23

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
SetThreadpoolTimer

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerClearRequest
PowerCreateRequest

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e6cee1808522e50761b12f30e370f28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 243KB - Virtual size: 243KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 440B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 243KB - Virtual size: 243KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 440B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB