NPSM[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NPSM.dll
Size

172KB
MD5

fad303fd24fcc90ca9692189c3566219
SHA1

3d6368ab5dfd1d7e5eba5b66b21383a8b5b8d6de
SHA256

f26ae614bc00171da3d0c81faba43c7dd57bfc2387304406a5e2f16d1dd87493
SHA512

5cb3b4d421fd94ee34ff8a86d4032f4724ece1581237027be60843f280c47446aca73e938af8f690ea3c07bc063ff56ae48107251229c0c9dd86b2b343d65b62
SSDEEP

3072:G8+b+F/+EKR6XpgxCUZtmvhdE19/jwyCoBGzqaeRoOw+x9t:G81WEmGrpdE1SeBGb2wa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NPSM.dll

Files

NPSM.dll
.dll windows:10 windows x86 arch:x86

3d4a81821b9b601c124ce999f6607a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NPSM.pdb

Imports

msvcrt

_except_handler4_common
__CxxFrameHandler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
memmove
_unlock
_lock
memcpy
_initterm
malloc
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
?terminate@@YAXXZ
free
_amsg_exit
_XcptFilter
??3@YAXPAX@Z
??0exception@@QAE@ABQBDH@Z
_purecall
_vsnwprintf
??_V@YAXPAX@Z
memcpy_s
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
difftime
time
wcschr
memset

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
WakeByAddressAll
WaitOnAddress

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-synch-l1-1-0

CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OpenSemaphoreW
SetEvent
CreateEventW
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
InitializeSRWLock

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
ProcessIdToSessionId
GetCurrentThreadId
GetProcessId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf
CoTaskMemRealloc
CoCancelCall
CoEnableCallCancellation
CoTaskMemFree
CoGetMalloc
CoSetProxyBlanket
CoResumeClassObjects
CoRegisterClassObject
PropVariantClear
CoWaitForMultipleHandles
CoGetCallContext
CoRevokeClassObject
CoDisconnectContext
CoUninitialize
CoDecrementMTAUsage
CoCreateInstance
CoIncrementMTAUsage
CoInitializeEx
CoDisableCallCancellation
CLSIDFromString

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlQueryPackageClaims
RtlPublishWnfStateData

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-processthreads-l1-1-1

OpenProcess

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid
CopySid

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

combase

ord68
ord67
ord66

propsys

ord436
PSGetPropertyKeyFromName
PSPropertyKeyFromString
PSCreateMemoryPropertyStore

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
RegisterNowPlayingSessionManagerFactory
ServiceMain
SvchostPushServiceGlobals
UnregisterNowPlayingSessionManagerFactory

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d4a81821b9b601c124ce999f6607a48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-obsolete-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

ntdll

api-ms-win-core-winrt-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-processthreads-l1-1-1

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-heap-l2-1-0

combase

propsys

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 151KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 151KB - Virtual size: 151KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB