PortableDeviceWiaCompat[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceWiaCompat.dll
Size

135KB
MD5

d121bb3a50cdcde8ce7b62d3eb62a852
SHA1

b560078ad8380dfd47ff0e1db07b4814282f8c83
SHA256

823ddf228a01cc43c8e79add643026af2c1a3c0dee27f57d495d2c5a2c10dfa1
SHA512

38ddaf3d5cf1441799f89c7bab679ad5951485dc7e065afdd9bb6a63ad55cdca3a3fb5679c89f6f15332f075cddb69ad72bcdb21d580cb30d5152cb0c2b4a6f7
SSDEEP

1536:rTjPNT3kHzjTLLd6Pze4B1+OJ8W6C3KAF8OAKjaA+r4vQH8blt5z:L13kHPZ6UpW6CRu2T+KbH5z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceWiaCompat.dll

Files

PortableDeviceWiaCompat.dll
.dll regsvr32 windows:6 windows x86 arch:x86

55076650ff7fdf87318f353d43836294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceWiaCompat.pdb

Imports

msvcrt

_CxxThrowException
memcpy_s
wcscpy_s
malloc
??_V@YAXPAX@Z
wcsncpy_s
wcscat_s
??2@YAPAXI@Z
__CxxFrameHandler3
_purecall
??_U@YAPAXI@Z
memset
memmove_s
_wcsicmp
calloc
memmove
_ftol2_sse
memcpy
iswspace
wcsrchr
wcsspn
wcscspn
_vscwprintf
vswprintf_s
??3@YAXPAX@Z
_ftol2
_snwscanf
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
free

advapi32

RegSetValueExW
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
TraceMessage
RegEnumKeyExW
RegQueryInfoKeyW
GetTraceEnableFlags
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
UnregisterTraceGuids

gdi32

DeleteDC
GetDIBits
DeleteObject
CreateCompatibleDC

kernel32

InterlockedExchange
GetProcessHeap
HeapSize
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
FindResourceExW
Sleep
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
LockResource
HeapReAlloc
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW

user32

UnregisterClassA
GetDC
ReleaseDC
CharNextW

oleaut32

SystemTimeToVariantTime
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
VariantTimeToSystemTime

ole32

CLSIDFromString
CreateStreamOnHGlobal
PropVariantClear
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

gdiplus

GdipCloneImage
GdipDrawImageRect
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGdiDib
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipDisposeImage
GdipGetImageWidth
GdipSaveImageToStream

wiaservc

wiasGetDrvItem
wiasWriteBufToFile
wiasWritePropGuid
wiasWritePropLong
wiasWriteMultiple
wiasQueueEvent
wiasGetItemType
wiasReadMultiple
wiasFreePropContext
wiasReadPropLong
wiasValidateItemProperties
wiasReadPropGuid
wiasUpdateValidFormat
wiasCreatePropContext
wiasCreateDrvItem
wiasSetItemPropAttribs
wiasSetItemPropNames

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55076650ff7fdf87318f353d43836294

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

gdi32

kernel32

user32

oleaut32

ole32

gdiplus

wiaservc

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 7KB - Virtual size: 6KB