PortableDeviceApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceApi.dll
Size

535KB
MD5

e98278865e8daba21cfe5fe4be34210a
SHA1

850edbdc1059c1d4edcb882d54a87e6869ccae23
SHA256

3bb431a9f6476ea98c17df46ba5dfa265e74328d84875e402236ed12e50b6330
SHA512

75f3a30231415e2b40e30209a287f264b9e493a0c42868a24fda47d7eaa9f42470cbb4fb9d8a238ceda2745ccdb4dd95587445c8ef1f33de4b197c59c17ed342
SSDEEP

12288:f5poVJ0Vig4CNxsO3Sj6gix5n1cBA5TVWKgb:3oVJZg4CNxseSj6nx5n1cC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceApi.dll

Files

PortableDeviceApi.dll
.dll regsvr32 windows:6 windows x86 arch:x86

90450591b87f8fecfbb18cbf66e1bd42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceApi.pdb

Imports

msvcrt

_onexit
_lock
??3@YAXPAX@Z
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_amsg_exit
_initterm
_XcptFilter
memcpy
calloc
_wcsicmp
memmove_s
_ftol2
memset
??_U@YAPAXI@Z
__CxxFrameHandler3
??2@YAPAXI@Z
vswprintf_s
_vscwprintf
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
??_V@YAXPAX@Z
__dllonexit
iswalpha
wcschr
_vsnwprintf

user32

UnregisterClassA
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageW
GetMessageA
DispatchMessageA
RegisterClassExW
CreateWindowExW
RegisterDeviceNotificationW
SetWindowLongW
ShowWindow
UpdateWindow
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
DefWindowProcW
GetWindowLongW
DestroyWindow
PostQuitMessage
UnregisterDeviceNotification
PostMessageW
CharNextW
UnregisterClassW

rpcrt4

NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
NdrDllRegisterProxy
NdrDllUnregisterProxy

kernel32

lstrlenW
SetErrorMode
ReleaseMutex
CreateMutexExW
SetLastError
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
CreateTimerQueueTimer
LocalFree
LocalAlloc
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
Sleep
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
TrySubmitThreadpoolCallback
GetTickCount
FindResourceExW
LockResource
WaitForSingleObject
WaitForMultipleObjects
GetOverlappedResult
DeviceIoControl
CreateFileW
GetModuleHandleExW
CreateThread
CreateEventW
FreeLibraryAndExitThread
GetCurrentProcess
DuplicateHandle
ResumeThread
CloseHandle
SetEvent
DecodePointer
CancelIo
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetSystemDirectoryW
EncodePointer
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 435KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90450591b87f8fecfbb18cbf66e1bd42

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 435KB - Virtual size: 434KB

.orpc Size: 512B - Virtual size: 476B

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 435KB - Virtual size: 434KB

.orpc
Size: 512B - Virtual size: 476B

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 30KB - Virtual size: 30KB