PortableDeviceApi[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceApi.dll
Size

509KB
MD5

fd7a68c728c5d85eafd8bfd32de12211
SHA1

21d972d738c9084861cd0d70ccb3b7723a654d55
SHA256

8aec713533214e9654aa4b0ae2388800a8d2d3686c83684ef33119855fb1edf6
SHA512

f3f06b3516cd63e07b20f9943349ebc86323700e9be3e14005508ee62c99c49cbbdbcc3d9758773c1fc808a3f0701417181d370dc3cfd9f91c600457be1125e4
SSDEEP

12288:llcSszkZdSR63BuUP20UF5zUYC57m2Pv2AOw:OkZdSR63BuUP20UFhU357m2Pv2jw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceApi.dll

Files

PortableDeviceApi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

0c8dbce909ae64b383901d80d54b81d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceApi.pdb

Imports

msvcrt

_unlock
_errno
wcsncmp
vswprintf_s
realloc
_amsg_exit
_vscwprintf
_wcsicmp
calloc
_except_handler4_common
??1type_info@@UAE@XZ
_initterm
_onexit
_callnewh
wcsnlen
memmove_s
_purecall
?terminate@@YAXXZ
__dllonexit
memcpy
_lock
wcscat_s
__CxxFrameHandler3
wcscpy_s
free
malloc
wcsncpy_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
_XcptFilter
_CxxThrowException
_ftol2
memcmp
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeLibraryAndExitThread
LockResource
SizeofResource
GetProcAddress
LoadResource
GetModuleHandleExW
LoadStringW
FindResourceExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseMutex
EnterCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSection
CreateSemaphoreExW
CreateEventW
AcquireSRWLockExclusive
SetEvent
WaitForSingleObject
ReleaseSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
LeaveCriticalSection
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateThread
ResumeThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall2
NdrStubCall2
NdrStubForwardingFunction

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CallbackMayRunLong
FreeLibraryWhenCallbackReturns

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

kernel32

GetCurrentPackageFamilyName
lstrcmpiW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c8dbce909ae64b383901d80d54b81d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

kernel32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 401KB

.data Size: 5KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 296B

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 402KB - Virtual size: 401KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 296B

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 30KB - Virtual size: 30KB