NPSMDesktopProvider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

NPSMDesktopProvider.dll
Size

804KB
MD5

025fe0597e0edc26ffaac5fe0b5531d8
SHA1

d0edb2ce414485fcf5f01163fff9e42a902b6f64
SHA256

0910b2092d13dc90a98facc0d93e5e41da0b000059c0cd5549ae61fff86f7654
SHA512

2b416d3e4d63e4ae816c2d72f4bf8d4e6726bd1b22ba63c4009cbaef20a5b73a314a48659b5a3e52519bee6c336d10d206e3c0e83d4e100b47cd973d904fce32
SSDEEP

3072:p+DXCy2j8DMmFQrQYKd+M7Hukdq/tlIGUKH7YNjTLyJl:0XCj8JKQt7HRoWG7CT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NPSMDesktopProvider.dll

Files

NPSMDesktopProvider.dll
.dll windows:10 windows x86 arch:x86

5c43c979a6523a01f4e2a5cc49fb529a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NPSMDesktopProvider.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__CxxFrameHandler3
_initterm
memcpy_s
_vsnwprintf
_onexit
memmove
_wsplitpath_s
_wcsicmp
realloc
wcschr
_callnewh
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
memcmp
_CxxThrowException
_purecall
memmove_s
malloc
_amsg_exit
_XcptFilter
free
memcpy
memset

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHCreateThreadRef
SHCreateThread
SHSetThreadRef

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA
LoadStringW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

SetEvent
WaitForSingleObject
Sleep
DeleteCriticalSection
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
InitOnceBeginInitialize
ReleaseSRWLockExclusive
LeaveCriticalSection
InitOnceComplete
ReleaseSRWLockShared
InitOnceInitialize
InitOnceExecuteOnce
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexExW
InitializeCriticalSectionEx
EnterCriticalSection
InitializeSRWLock

api-ms-win-core-winrt-error-l1-1-1

SetRestrictedErrorInfo
RoOriginateError
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
RoTransformError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsSetValue
OpenProcess
CreateThread
TlsFree
OpenProcessToken

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

RoGetAgileReference
CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoUninitialize
CoGetApartmentType
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoCancelCall
CoDisableCallCancellation
CoEnableCallCancellation
CoTaskMemRealloc
CoGetMalloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
IsThreadpoolTimerSet
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-base-l1-2-0

DuplicateTokenEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

api-ms-win-security-capability-l1-1-0

CapabilityCheck

mmdevapi

ord11
ord10

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_LoadImageW
ImageList_Destroy

kernel32

CreateEventW
InitializeCriticalSection

gdi32

StretchBlt
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
CreateDIBSection
DeleteObject
CreateCompatibleBitmap

user32

IsWindow
ord2521
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
PostThreadMessageW
LoadImageW
GetDC
GetSystemMetrics
ReleaseDC

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus

rpcrt4

NdrClientCall4
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW

api-ms-win-service-private-l1-1-1

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c43c979a6523a01f4e2a5cc49fb529a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

ntdll

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-security-capability-l1-1-0

mmdevapi

comctl32

kernel32

gdi32

user32

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-2-0

rpcrt4

api-ms-win-service-private-l1-1-1

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 653KB - Virtual size: 652KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 653KB - Virtual size: 652KB

.reloc
Size: 8KB - Virtual size: 8KB