fdPnp[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fdPnp.dll
Size

51KB
MD5

1ad1501217ebba0a39974d09969a5526
SHA1

b3aea4145ee3edc456caaf17a98beb7566757a5e
SHA256

67f906723317d076df9fb88d805d879bef344c54e86dab3fd81bd1aa75dd5282
SHA512

cb85f7f832c2808fe72f8124ff12fe532b6ae47fa28bfaf9883fd949362a3941957632e03794ef7e1ffaa2d6b7555f7f32b66cab17a5ea5f9e2a5a3f7adf8786
SSDEEP

1536:IkbalZqIBC1JpHqrczI8BEl2lCRLxBtsaf9k:IkbalbAJ8cz7BElKCRLPtX1k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdPnp.dll

Files

fdPnp.dll
.dll windows:6 windows x64 arch:x64

9e885b164fbb3e1290c4424eafb0d6e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdPnp.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
memset
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
??_U@YAPEAX_K@Z
_wcsicmp
wcsncmp
realloc
memmove
_purecall
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcscmp

atl

ord30
ord32
ord15
ord21
ord16
ord23

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

oleaut32

SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayGetElement
SafeArrayUnaccessData
SysStringByteLen
SafeArrayCreateVector
SafeArrayGetDim

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

CreateEventW
SetEvent
Sleep
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
InitializeSRWLock

api-ms-win-core-com-l1-1-1

StringFromGUID2
CoUninitialize
CoInitializeEx
IIDFromString
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

AllocateAndInitializeSid
FreeSid
CheckTokenMembership

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

advapi32

RegEnumKeyW

user32

RegisterDeviceNotificationW
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
UnregisterClassW
RegisterClassExW
UnregisterDeviceNotification
DefWindowProcW
DestroyWindow
CreateWindowExW
SetWindowLongPtrW
GetWindowLongPtrW

devobj

DevObjEnumDeviceInfo
DevObjDeleteDeviceInfo
DevObjEnumDeviceInterfaces
DevObjOpenDeviceInfo
DevObjDestroyDeviceInfoList
DevObjOpenClassRegKey
DevObjGetClassDevs
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceProperty
DevObjGetDeviceInterfaceDetail
DevObjCreateDeviceInfoList
DevObjGetDevicePropertyKeys
DevObjSetDeviceProperty
DevObjGetDeviceInterfacePropertyKeys
DevObjSetDeviceInterfaceProperty
DevObjOpenDeviceInterface
DevObjGetDeviceInstanceId

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e885b164fbb3e1290c4424eafb0d6e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

advapi32

user32

devobj

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 244B