DeviceCenter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DeviceCenter.dll
Size

381KB
MD5

7739a69e2663505992ce8b6634d1fe35
SHA1

5c6ed4010b71f1984670beb4cde1a4c2df852cbb
SHA256

95aadd97a25663973e34155a8a8e9b1affde2e8464e80da9b96939be4c7c8156
SHA512

1b0b9f50e7f22830eae60dab1cef270ab5620bf69d3d18e965bfb8d1430c321288415e82a41072d889ee99cd4c8169605c9a82e012be95ca833648efa09ff79d
SSDEEP

6144:VnVIYd1kkjWaqDqpzmuySW16kUfi5qG64yPP6dg33x1K:VVI+jWaqAzmuyN1F6Aqz46Plv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeviceCenter.dll

Files

DeviceCenter.dll
.dll windows:10 windows x86 arch:x86

b658578201e0522a3b182ed9b8c60ca7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DeviceCenter.pdb

Imports

msvcrt

_vsnwprintf
_except_handler4_common
__CxxFrameHandler3
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
memcmp
memset
wcsncmp
wcstok_s
_wcsicmp
wcsstr
wcsncpy_s
malloc
free
memcpy_s
_XcptFilter
memcpy

propsys

PropVariantCompareEx
PSPropertyBag_WriteBSTR
PSPropertyBag_WritePropertyKey
PSPropertyBag_WriteStream
ord408
PSPropertyBag_ReadBOOL
PropVariantChangeType
PropVariantToVariant
InitPropVariantFromResource
PropVariantToString
PSPropertyBag_WriteDWORD
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PSGetPropertyDescription
VariantCompare
PSPropertyBag_ReadPropertyKey
PSPropertyBag_ReadInt
PSPropertyBag_ReadBSTR
ord417
PropVariantToStringAlloc
InitPropVariantFromStringAsVector
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadStream

shell32

SHGetIDListFromObject
ord25
ord155
ord19
ShellExecuteW
ord100
ord763
ord18
SHBindToParent
SHBindToFolderIDListParent
ord256
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateDataObject
SHCreateDefaultExtractIcon
SHGetIconOverlayIndexW
ord702
ShellExecuteExW
SHGetDesktopFolder
ord893
ord77
ord727
ord153
DuplicateIcon
SHCreateItemFromIDList
SHChangeNotify
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromDataObject
ord16

shlwapi

ord197
ord344
StrPBrkW
ord215
UrlEscapeW
UrlUnescapeW
ord615
ord199
ord184
ord12
ord212
ord213
ord158
StrToIntW
PathParseIconLocationW
StrRetToBufW
ord219
StrChrW
ord619
SHStrDupW
ord16
ord176
ord384

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetModuleHandleExW
SizeofResource
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
LoadStringW
LoadResource
FreeLibrary
LockResource

api-ms-win-core-synch-l1-2-0

WaitForSingleObjectEx
OpenSemaphoreW
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
WaitForSingleObject
ReleaseMutex
Sleep
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
InitOnceBeginInitialize
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
InitializeSRWLock
ReleaseSemaphore
DeleteCriticalSection
SetEvent
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

CoGetApartmentType
PropVariantCopy
StringFromGUID2
CoInitializeEx
CoWaitForMultipleHandles
CoGetMalloc
CoUninitialize
PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

api-ms-win-core-processthreads-l1-1-2

CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayGetElement
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-sysinfo-l1-2-1

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventWrite
EventEnabled
EventUnregister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW
FindResourceW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-devices-query-l1-1-1

DevCreateObjectQuery
DevCloseObjectQuery
DevGetObjectProperties
DevFreeObjectProperties

comctl32

HIMAGELIST_QueryInterface
ImageList_ReplaceIcon
ImageList_Create
ord381
DestroyPropertySheetPage
CreatePropertySheetPageW
ord332
ord328
ord334
ord329
ord386
ImageList_Destroy

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

kernel32

lstrcmpiW
lstrlenW

ntdll

WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmAddToStream
WinSqmSetDWORD
WinSqmIsOptedIn

user32

DestroyIcon
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
GetForegroundWindow
GetParent
SetMenuItemInfoW
SetWindowLongW
SetDlgItemTextW
EnableWindow
GetDlgItem
PostMessageW
SendMessageW
GetWindowRect
ScreenToClient
BeginDeferWindowPos
MapWindowPoints
DeferWindowPos
EndDeferWindowPos
UnregisterClassA
GetSystemMetrics
GetDC
ReleaseDC
GetMenuInfo
SetMenuInfo

dui70

UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b658578201e0522a3b182ed9b8c60ca7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

propsys

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-devices-query-l1-1-1

comctl32

gdi32

kernel32

ntdll

user32

dui70

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 210KB - Virtual size: 210KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 210KB - Virtual size: 210KB

.reloc
Size: 10KB - Virtual size: 10KB