PortableDeviceClassExtension[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceClassExtension.dll
Size

107KB
MD5

81490fdae27f0082e5cc2dc78dca96fa
SHA1

961bd94dec3a772ce67baeeecffd04b3e05aecfc
SHA256

0d05dd1591a851136a7ad4bdeb389070be19900521d5e0fa4ce37302783615be
SHA512

614c7dfd621edec4dd36aa99ed8d9c3aaabdd358b50c4ee64b28fb2a291f150782cb505af7b79d478760b8726be9dea895d384cf692b7c07e98776b731be256e
SSDEEP

1536:XmNjJ/dW/zDRLaLA9U2mTYeraCy1tyBPTt3cYJ8VX5XQCwlkZ6WWOE4ky:4/WP1aX/aC9BPTlVmJQCwC67m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceClassExtension.dll

Files

PortableDeviceClassExtension.dll
.dll regsvr32 windows:6 windows x86 arch:x86

9b91c9a1d3c617307810a1f9edddc668

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceClassExtension.pdb

Imports

msvcrt

_except_handler4_common
??1type_info@@UAE@XZ
realloc
_initterm
_XcptFilter
_errno
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_vsnwprintf
vswprintf_s
_vscwprintf
_wcsicmp
memmove_s
memset
??_U@YAPAXI@Z
??2@YAPAXI@Z
__CxxFrameHandler3
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
GetSecurityInfo

kernel32

InterlockedCompareExchange
DelayLoadFailureHook
CreateEventW
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
TerminateProcess
LoadLibraryExW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
CreateThread
CloseHandle
LockResource
FindResourceExW
WaitForSingleObject
SetEvent
LocalFree
OpenEventW
WaitForMultipleObjects

user32

UnregisterClassA
CharNextW

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b91c9a1d3c617307810a1f9edddc668

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

rpcrt4

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 54KB - Virtual size: 54KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 4KB - Virtual size: 3KB