SPInf[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SPInf.dll
Size

74KB
MD5

4bdbbe5e4208022dd794f7eeeb0f7366
SHA1

5dc28361e08c3138e09d657b9958e1c42963b065
SHA256

4f69ba2edabfa63a300b9f1880349efae185b899dd5c561e7b3ba6aaa4b22d6a
SHA512

d91b67f2bb634723db1f8ef255353ac1fe24c47acfa16aceecd26497480a824a594871f69f31a7ef22b4e46c0f3fb27cdddb483e3602509826b2899885845026
SSDEEP

1536:8I453w/IYPN7e0a0hUzgPEcR3sm58Y8GnovS6hueS4V4zchukE+:D4hwgQi0ar9craYUzuohPD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SPInf.dll

Files

SPInf.dll
.dll windows:6 windows x86 arch:x86

ba64b0cbe54ec0c4a62c599d95f6ce7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SPINF.pdb

Imports

msvcrt

wcstoul
_XcptFilter
malloc
free
_initterm
_wcsicmp
_except_handler4_common
wcschr
_wcsnicmp
memmove
wcsrchr
_resetstkoflw
memset
memcpy
_amsg_exit
_vsnwprintf
_vsnprintf

ntdll

RtlNtStatusToDosError
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlVerifyVersionInfo
VerSetConditionMask
RtlInitUnicodeStringEx
RtlIsTextUnicode

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-file-l1-1-0

CompareFileTime
SetFilePointer
WriteFile
GetFileSize
DeleteFileW
FindClose
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
SetEndOfFile
CreateFileW
FindFirstFileW
SetFileAttributesW
FlushFileBuffers

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange
InterlockedCompareExchange

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-localization-l1-1-0

LCMapStringW
GetThreadLocale

api-ms-win-core-localregistry-l1-1-0

RegCloseKey

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-misc-l1-1-0

lstrcmpiW
lstrlenA
lstrlenW
LocalFree
FormatMessageW
Sleep

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringW
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
CreateEventW
CreateMutexW
SetEvent
WaitForMultipleObjectsEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
SystemTimeToFileTime
GetSystemWindowsDirectoryW
GetLocalTime
GetVersionExW

Exports

Exports

SpInfDetermineInfStyle
SpInfDoesInfContainString
SpInfEnumInfSections
SpInfFileFullPathFromLineContext
SpInfFindFirstLine
SpInfFindNextMatchLine
SpInfFindValueInSectionList
SpInfFreeInfFile
SpInfGetBestInstallSection
SpInfGetBestModelsSection
SpInfGetDirIdHandler
SpInfGetDriverVer
SpInfGetField
SpInfGetIndirectString
SpInfGetInfInformation
SpInfGetInfLineNumber
SpInfGetInfSections
SpInfGetInfStyle
SpInfGetLanguageId
SpInfGetLineByIndex
SpInfGetLineCount
SpInfGetLineCountFromSection
SpInfGetLineFieldCount
SpInfGetLineTextWithKey
SpInfGetLogToken
SpInfGetNextInf
SpInfGetOriginalInfName
SpInfGetPathFromDirId
SpInfGetPrevInf
SpInfGetStringField
SpInfGetStringsSection
SpInfGetTargetPath
SpInfGetVersionDatum
SpInfGetVersionNode
SpInfIsIndirectString
SpInfLineFromContext
SpInfLineIsSearchable
SpInfLoadInfFile
SpInfLocateLine
SpInfLocateSection
SpInfLockInf
SpInfQueryInfFileInformation
SpInfQueryInfVersionInformation
SpInfSectionNameFromLineContext
SpInfSetDirIdHandler
SpInfSetDirectoryId
SpInfSourcePathFromHandle
SpInfUnlockInf
SpInfVersionNodeFromInfInformation

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba64b0cbe54ec0c4a62c599d95f6ce7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB