cfgmgr32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cfgmgr32.dll
Size

308KB
MD5

6be6ea30b573eaecf5e9e9d07f50955b
SHA1

4bc86969915d893677c6b7f4a3fdbda2f7ba54cf
SHA256

f86facb55fe107dd41867cdf108778007e23740614af7c77b4367e6702d99e1f
SHA512

f5964fedb44de6f6e643eedfa3d996fe652ab2abdfe9eaf0698186aacd60749950f9ae6fd7ea4e3a940441f6e52ec739090a15053f4c2835abfc001da9a51cd6
SSDEEP

6144:xahwapb1OycI//hsoI89MBuO2Inh7+TXqUB:OxFW89Mh2IEWUB

Score

1^/10

Malware Config

Signatures

Files

cfgmgr32.dll
.dll windows:6 windows x64 arch:x64

aaf99f34577abafdcb8b093ba83d48ad

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:93:14:01:43:5e:96:0d:c8:bc:46:21:5a:13:d5:1a:78:c0:a2:d6:56:e1:b4:8f:7e:a9:e9:dd:d3:20:2f:88
Signer

Actual PE Digest

fa:93:14:01:43:5e:96:0d:c8:bc:46:21:5a:13:d5:1a:78:c0:a2:d6:56:e1:b4:8f:7e:a9:e9:dd:d3:20:2f:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cfgmgr32.pdb

Imports

api-ms-win-core-crt-l1-1-0

wcsrchr
memmove
wcstoul
_vsnwprintf_s
_wcsicmp
_wtoi
memcpy
_wcsnicmp
wcschr
memset

api-ms-win-core-crt-l2-1-0

_purecall
_initterm
_initterm_e

ntdll

RtlCmEncodeMemIoResource
RtlIoEncodeMemIoResource
RtlGetSaclSecurityDescriptor
RtlCmDecodeMemIoResource
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlHashUnicodeString
RtlIoDecodeMemIoResource
RtlGUIDFromString
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlEqualUnicodeString
__C_specific_handler
RtlCaptureContext
RtlLookupFunctionEntry
RtlUpcaseUnicodeString
EtwTraceMessage
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
NtCreateFile
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
ord1
RtlIsTextUnicode
RtlNtStatusToDosError
RtlUnicodeStringToInteger
RtlInitUnicodeStringEx
RtlGetDaclSecurityDescriptor

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW
LoadStringW
FreeLibrary

api-ms-win-core-heap-l1-2-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetErrorMode
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
SetThreadToken
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentThread

api-ms-win-security-base-l1-2-0

DuplicateTokenEx
GetTokenInformation
GetSecurityDescriptorLength
GetKernelObjectSecurity
AdjustTokenPrivileges

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-2-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetThreadLocale
GetThreadPreferredUILanguages
LCMapStringW

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetComputerNameExW
GetSystemTimeAsFileTime
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
GetStringTypeExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
OpenEventW
CreateEventW
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceInitialize
InitializeConditionVariable
WakeConditionVariable
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
Sleep
CreateMutexW
SetEvent
InitializeSRWLock
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseMutex

api-ms-win-core-file-l1-2-1

FindClose
SetEndOfFile
GetFileSize
WriteFile
SetFilePointer
FindFirstFileW
DeleteFileW
CreateFileW
CompareFileTime

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-io-l1-1-1

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
CreateThreadpoolWork
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
DisassociateCurrentThreadFromCallback

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Init_Detection
CMP_RegisterServiceNotification
CMP_Register_Notification
CMP_Report_LogOn
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Driver_PackageW
CM_Add_Driver_Package_ExW
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Apply_PowerScheme
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Device_Interface_KeyA
CM_Delete_Device_Interface_KeyW
CM_Delete_Device_Interface_Key_ExA
CM_Delete_Device_Interface_Key_ExW
CM_Delete_Driver_PackageW
CM_Delete_Driver_Package_ExW
CM_Delete_PowerScheme
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Duplicate_PowerScheme
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_PropertyW
CM_Get_Class_Property_ExW
CM_Get_Class_Property_Keys
CM_Get_Class_Property_Keys_Ex
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Property_ExW
CM_Get_DevNode_Property_Keys
CM_Get_DevNode_Property_Keys_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_Property_ExW
CM_Get_Device_Interface_Property_KeysW
CM_Get_Device_Interface_Property_Keys_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Import_PowerScheme
CM_Install_DevNodeW
CM_Install_DevNode_ExW
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_MapCrToSpErr
CM_MapCrToWin32Err
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Open_Device_Interface_KeyA
CM_Open_Device_Interface_KeyW
CM_Open_Device_Interface_Key_ExA
CM_Open_Device_Interface_Key_ExW
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Register_Notification
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_RestoreAll_DefaultPowerSchemes
CM_Restore_DefaultPowerScheme
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_ActiveScheme
CM_Set_Class_PropertyW
CM_Set_Class_Property_ExW
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_PropertyW
CM_Set_DevNode_Property_ExW
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_Device_Interface_PropertyW
CM_Set_Device_Interface_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
CM_Unregister_Notification
CM_Write_UserPowerKey
DevCloseObjectQuery
DevCreateObjectQuery
DevCreateObjectQueryEx
DevCreateObjectQueryFromId
DevCreateObjectQueryFromIdEx
DevCreateObjectQueryFromIds
DevCreateObjectQueryFromIdsEx
DevFindProperty
DevFreeObjectProperties
DevFreeObjects
DevGetObjectProperties
DevGetObjectPropertiesEx
DevGetObjects
DevGetObjectsEx
DevSetObjectProperties
SwDeviceClose
SwDeviceCreate
SwDeviceGetLifetime
SwDeviceInterfacePropertySet
SwDeviceInterfaceRegister
SwDeviceInterfaceSetState
SwDevicePropertySet
SwDeviceSetLifetime
SwMemFree

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaf99f34577abafdcb8b093ba83d48ad

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

fa:93:14:01:43:5e:96:0d:c8:bc:46:21:5a:13:d5:1a:78:c0:a2:d6:56:e1:b4:8f:7e:a9:e9:dd:d3:20:2f:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-io-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 265KB - Virtual size: 265KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 16KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 1024B - Virtual size: 800B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 856B

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

fa:93:14:01:43:5e:96:0d:c8:bc:46:21:5a:13:d5:1a:78:c0:a2:d6:56:e1:b4:8f:7e:a9:e9:dd:d3:20:2f:88
Signer

.text
Size: 265KB - Virtual size: 265KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 16KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 1024B - Virtual size: 800B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 856B