Windows[.]Devices[.]SmartCards[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Devices.SmartCards.dll
Size

614KB
MD5

77661b60f71ed83712510a4dbd2f24f0
SHA1

3e0c16f5bebc503638334486570e9c04eaf8c608
SHA256

2e775e568f0bd842a7c1d9ee3a7c25b7ae4b488702f6c602b7c43b33b370bbc1
SHA512

78e72922efd38fb591b8d546e3bc2e2ec9d8a040620872eda9ed462e4585dba3c3d146e8f416728319a02cd97e550a69b6d232423d07a7e47163cfe158ce8e9f
SSDEEP

6144:o9a66cLUuDMCYrSIv6yk9uc4rDm7bK45CYtK1Wq6ZWn3CVI5/LZrEj:KaTuICYZuuFm7bwYtQWq6ZW3Ce5jZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Devices.SmartCards.dll

Files

Windows.Devices.SmartCards.dll
.dll windows:6 windows x86 arch:x86

30669f00960da30a6f4c97615b8c63ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Devices.SmartCards.pdb

Imports

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_vsnwprintf
??0exception@@QAE@ABQBD@Z
__pctype_func
?terminate@@YAXXZ
_lock
memmove
wcschr
memcpy
??_V@YAXPAX@Z
localeconv
memmove_s
??1bad_cast@@UAE@XZ
ldexp
realloc
___lc_codepage_func
memset
setlocale
sprintf_s
___lc_handle_func
??0exception@@QAE@XZ
memchr
_errno
__crtLCMapStringA
malloc
??0bad_cast@@QAE@ABV0@@Z
_wcsicmp
isupper
wcsnlen
memcpy_s
abort
_CxxThrowException
strnlen
___mb_cur_max_func
calloc
islower
_initterm
_Gettnames
_Getdays
_Getmonths
_Strftime
strtod
isspace
tolower
___lc_collate_cp_func
__crtCompareStringA
memcmp
__crtCompareStringW
free
__crtLCMapStringW
_amsg_exit
_XcptFilter
_purecall
??1type_info@@UAE@XZ
strcspn
__mb_cur_max
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
_onexit
__dllonexit
_unlock
??3@YAXPAX@Z

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
FreeLibrary
FindResourceExW
LockResource
LoadResource
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibraryAndExitThread

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
TlsSetValue
GetCurrentProcessId
GetProcessId
OpenThreadToken
GetCurrentProcess
TlsFree
TlsAlloc
GetCurrentThreadId
CreateThread
TerminateProcess
OpenProcessToken
TlsGetValue
OpenProcess

api-ms-win-core-winrt-error-l1-1-1

RoTransformError
RoReportFailedDelegate
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateEventW
WaitForSingleObject
ReleaseSRWLockExclusive
SetEvent
EnterCriticalSection
InitOnceExecuteOnce
TryEnterCriticalSection
InitializeSRWLock
ReleaseSRWLockShared
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
CreateEventExW
LeaveCriticalSection
Sleep

api-ms-win-core-com-l1-1-1

CoWaitForMultipleHandles
CoTaskMemAlloc
CoInitializeEx
CoMarshalInterface
CreateStreamOnHGlobal
CoSetProxyBlanket
CoRevertToSelf
CoCopyProxy
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoGetApartmentType
RoGetAgileReference
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoImpersonateClient
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoGetCallContext
CoUninitialize
CoGetMalloc
CoGetCallerTID
CoTaskMemFree
CoReleaseMarshalData

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
HSTRING_UserFree
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
WindowsCreateString
WindowsStringHasEmbeddedNull

rpcrt4

NdrOleAllocate
CStdStubBuffer_Disconnect
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrStubCall2
CStdStubBuffer_DebugServerRelease
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
NdrDllGetClassObject
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrStubForwardingFunction
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrCStdStubBuffer2_Release

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

RaiseFailFastException
CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHCreateThreadRef
SHSetThreadRef

combase

ord13
ord11
ord16
ord7
ord14
ord6
ord32
ord10
ord12
ord5
ord9
ord2
ord8
ord34
ord15
ord33
ord90

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CallbackMayRunLong
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-security-base-l1-2-0

GetTokenInformation
GetLengthSid
CopySid
CheckTokenCapability
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
AllocateAndInitializeSid
FreeSid

ncrypt

NCryptSetProperty
NCryptCreatePersistedKey
NCryptOpenStorageProvider
NCryptFreeObject

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CryptProtectMemory
CryptUnprotectMemory
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

devobj

DevObjOpenDeviceInterface
DevObjCreateDeviceInfoList
DevObjDeleteDeviceInterfaceData
DevObjGetDeviceInterfaceProperty
DevObjDestroyDeviceInfoList

cryptsp

CryptReleaseContext
CryptSetProvParam
CryptAcquireContextW

api-ms-win-devices-query-l1-1-1

DevCloseObjectQuery
DevCreateObjectQuery

winscard

SCardReleaseContext
SCardAccessStartedEvent
SCardGetStatusChangeW
SCardListReadersW
SCardFreeMemory
SCardReleaseStartedEvent
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardDisconnect
SCardCancel
SCardEstablishContext
SCardConnectW
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardBeginTransaction
SCardReconnect
SCardEndTransaction
SCardTransmit
SCardGetDeviceTypeIdW

twinapi.appcore

ord2
ord3
ord12

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

ntdll

NtQueryInformationProcess
RtlEqualSid
RtlFreeHeap
RtlInitUnicodeString
NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlAllocateHeap

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 693B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30669f00960da30a6f4c97615b8c63ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-shcore-thread-l1-1-0

combase

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-base-l1-2-0

ncrypt

crypt32

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-winrt-robuffer-l1-1-0

devobj

cryptsp

api-ms-win-devices-query-l1-1-1

winscard

twinapi.appcore

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 561KB - Virtual size: 561KB

.orpc Size: 1024B - Virtual size: 693B

.data Size: 2KB - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 561KB - Virtual size: 561KB

.orpc
Size: 1024B - Virtual size: 693B

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 36KB