DeviceCenter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DeviceCenter.dll
Size

503KB
MD5

0d85a9a9c23163ce62df4e19a5d0829d
SHA1

374c7292ee6093a3d23dfb4867b5467049ae2bd3
SHA256

514247b1f47488dcc3ff435808bf2d802c7bc634a538a2db4f1b6ba10004702b
SHA512

92d13ee16df60b315ade04688aead6e10004ed35bb6b86ed85132baabb8fdf2d20babf7b71fcc6b6a238d3bdad5ef2bcb8fc95503ad08fdbc5d3765e13184227
SSDEEP

6144:8+SDAjan67Epvxq/7OVcxrVznEz12zYyH6C4NQFnIx1K:PSWa67crGrVbMkUdZN6Iv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeviceCenter.dll

Files

DeviceCenter.dll
.dll windows:6 windows x64 arch:x64

ef45bf42336f9ab736d69d52e6f90720

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DeviceCenter.pdb

Imports

msvcrt

__C_specific_handler
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
_onexit
_errno
realloc
wcsncpy_s
__CxxFrameHandler3
memcpy
wcscmp
memset
wcsncmp
wcstok_s
_wcsicmp
wcsstr
_vsnwprintf
memcpy_s
free
malloc
__dllonexit

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
EventEnabled
EventWrite
TraceMessage

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection

kernel32

Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
LoadLibraryW
FormatMessageW
GetLocaleInfoW
SleepConditionVariableSRW
WakeConditionVariable
InitializeConditionVariable
CompareStringOrdinal
ResetEvent
WaitForSingleObject
GetCurrentThreadId
LocalAlloc
CreateThread
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
FindResourceW
LockResource
lstrlenW
GetTickCount64
ExpandEnvironmentStringsW
LoadLibraryExW
GetProcAddress
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
InitializeSRWLock
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
SetEvent
WaitForMultipleObjects
LocalFree
FreeLibrary
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar

ntdll

WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmAddToStream
WinSqmAddToStreamEx
WinSqmIsOptedIn

ole32

CoWaitForMultipleHandles
CoGetApartmentType
PropVariantCopy
PropVariantClear
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoTaskMemAlloc

oleaut32

VariantClear
SysAllocString
VariantInit
VarUI4FromStr
SysFreeString
SafeArrayGetElement

shell32

ord727
ord153
SHBindToFolderIDListParentEx
SHBindToParent
DuplicateIcon
SHCreateItemFromIDList
SHCreateShellItemArrayFromDataObject
ord16
SHCreateShellItemArrayFromIDLists
SHChangeNotify
SHGetDesktopFolder
ShellExecuteExW
SHGetIconOverlayIndexW
SHCreateDefaultExtractIcon
SHCreateDataObject
AssocCreateForClasses
SHGetIDListFromObject
SHCreateDefaultContextMenu
ord256
SHBindToFolderIDListParent
ord19
ord25
ord155
ShellExecuteW
ord100
ord18
ord77
ord819
ord893
ord702
ord763

shlwapi

ord476
ord16
ord219
SHStrDupW
ord344
PathParseIconLocationW
StrToIntW
ord176
ord158
ord199
ord615
UrlUnescapeW
UrlEscapeW
StrChrW
ord215
ord12
ord184
ord213
StrRetToBufW
StrPBrkW
ord384
ord197
ord619

user32

GetMenuInfo
SetMenuInfo
GetDC
ReleaseDC
GetSystemMetrics
DeferWindowPos
EndDeferWindowPos
MapWindowPoints
UnregisterClassA
CharNextW
SetMenuItemInfoW
GetForegroundWindow
LoadStringW
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
DestroyIcon
GetParent
SetWindowLongPtrW
SetDlgItemTextW
EnableWindow
GetDlgItem
PostMessageW
SendMessageW
GetWindowRect
ScreenToClient
BeginDeferWindowPos

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
ord334
ord381
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
HIMAGELIST_QueryInterface
ord386
ord329
ord332
ord328

propsys

PSCreateMemoryPropertyStore
PSPropertyBag_WriteStr
PSPropertyBag_WriteDWORD
PropVariantCompareEx
PropVariantToString
PSGetPropertyDescription
InitPropVariantFromResource
PropVariantToVariant
PropVariantChangeType
ord408
ord417
PropVariantToStringAlloc
InitPropVariantFromStringAsVector
PSGetPropertyFromPropertyStorage
VariantCompare
PSPropertyBag_ReadBOOL

dui70

UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv

cfgmgr32

DevCreateObjectQuery
DevFreeObjectProperties
DevCloseObjectQuery
DevGetObjectProperties

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef45bf42336f9ab736d69d52e6f90720

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

gdi32

kernel32

ntdll

ole32

oleaut32

shell32

shlwapi

user32

comctl32

propsys

dui70

cfgmgr32

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 150KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 333KB - Virtual size: 332KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 150KB - Virtual size: 150KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 333KB - Virtual size: 332KB

.reloc
Size: 2KB - Virtual size: 1KB