fmifs[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fmifs.dll
Size

51KB
MD5

1663eac846ea00d413e034b3cf8c99c1
SHA1

2122cd6c6cfa8875d2a541a5174324ed5a8ffba7
SHA256

18d423686d2df8c4cdac934568d54c5e5b430ba3d2a996ce692014f18b861648
SHA512

c6362c7890a352456ec5c4fc3e6bbddc0748724c96dca0cbf0d8a99ad35e671293b5078aa13870d966a5f65c02cfd390180c78ee927e9b9cd666aa79647b584a
SSDEEP

1536:0m3+EnLIcmC/fb8uTVZXUvG8Vfp1fp7GTs:0FElgt7GTs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fmifs.dll

Files

fmifs.dll
.dll windows:6 windows x64 arch:x64

ee1527a4a716df81a9cb2614d60e0180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fmifs.pdb

Imports

msvcrt

memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
realloc
malloc
free
swscanf
memset

ntdll

RtlFreeHeap
RtlNtStatusToDosError
NtSetVolumeInformationFile
NtClose
NtOpenFile
RtlQueryRegistryValuesEx
RtlInitUnicodeString
NtFsControlFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlEqualUnicodeString
NtQueryDirectoryObject
RtlPrefixUnicodeString
NtOpenDirectoryObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap

api-ms-win-core-errorhandling-l1-1-1

SetErrorMode
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

ulib

?DisplayMsg@MESSAGE@@QEAAEK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?QuerySTR@WSTRING@@QEBAPEADKKPEADKE@Z
?QueryResourceStringV@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDPEAD@Z
?LogMessage@MESSAGE@@QEAAEPEBVWSTRING@@@Z
?SPrintfAppend@DSTRING@@UEAAEPEBGZZ
?SPrintf@DSTRING@@UEAAEPEBGZZ
?NewBuf@DSTRING@@UEAAEK@Z
?Resize@DSTRING@@UEAAEK@Z
?Strcmp@WSTRING@@QEBAJPEBV1@KKKK@Z
?InsertString@WSTRING@@QEAAEKPEBV1@KK@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?QueryNumber@WSTRING@@QEBAEPEAJKK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?QueryMemberCount@ARRAY@@UEBAKXZ
?QueryIterator@ARRAY@@UEBAPEAVITERATOR@@XZ
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?Initialize@ARRAY@@QEAAEKK@Z
??1ARRAY@@UEAA@XZ
??0ARRAY@@QEAA@XZ
??9WSTRING@@QEBAEAEBV0@@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Strcmp@WSTRING@@QEBAJPEBV1@@Z
?GetWSTR@WSTRING@@QEBAPEBGXZ
?Initialize@WSTRING@@QEAAEXZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?IsLoggingEnabled@MESSAGE@@QEAAEXZ
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEXZ
?QueryChCount@WSTRING@@QEBAKXZ
??8WSTRING@@QEBAEAEBV0@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?SetClassDescriptor@OBJECT@@IEAAXPEBVCLASS_DESCRIPTOR@@@Z
?QueryChAt@WSTRING@@QEBAGK@Z
??0MESSAGE@@QEAA@XZ
??1MESSAGE@@UEAA@XZ
?Initialize@MESSAGE@@QEAAEXZ
?IsSuppressedMessage@MESSAGE@@UEAAEE@Z
?IsYesResponse@MESSAGE@@UEAAEE@Z
?QueryStringInput@MESSAGE@@UEAAEPEAVWSTRING@@@Z
?IsInAutoChk@MESSAGE@@UEAAEXZ
?IsInSetup@MESSAGE@@UEAAEXZ
?IsKeyPressed@MESSAGE@@UEAAEKK@Z
?WaitForUserSignal@MESSAGE@@UEAAEXZ
?SelectResponse@MESSAGE@@UEAAKKZZ
?SetDotsOnly@MESSAGE@@UEAAEE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
?SetLoggingEnabled@MESSAGE@@QEAAXE@Z
??0HMEM@@QEAA@XZ
??1HMEM@@UEAA@XZ
?Initialize@HMEM@@QEAAEXZ
?Resize@HMEM@@QEAAEKK@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryNextLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEAXPEBVWSTRING@@@Z
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?Log@MESSAGE@@QEAAEPEBDZZ
?QueryPackedLog@MESSAGE@@QEAAEPEAVHMEM@@PEAK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@KKKK@Z
?Strcat@WSTRING@@QEAAEPEBG@Z
??0PATH@@QEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBGE@Z
?AppendString@PATH@@QEAAEPEBVWSTRING@@@Z
?SqmExportOnError@SQMEXPORT@@SAXKKEE_KU_GUID@@@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ

ifsutil

?AddDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?AddVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
??1MOUNT_POINT_MAP@@UEAA@XZ
??0MOUNT_POINT_MAP@@QEAA@XZ
?QueryVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?NtDeviceNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?GetAt@MOUNT_POINT_MAP@@QEAAEKPEAVWSTRING@@0@Z
?QueryUdfMediaNeedsLowLevelFormat@DP_DRIVE@@QEAAEXZ
??0LOG_IO_DP_DRIVE@@QEAA@XZ
?QueryCorruptionState@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAKPEAEPEAJ@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?EnableVolumeIntegrity@IFS_SYSTEM@@SAEPEBVWSTRING@@G@Z
?GetDefaultFileSystemIfs@@YAEPEAUFMIFS_DEF_FS_PARAM@@PEAUFMIFS_DEF_FS_OUT@@PEAK@Z
?InvalidateFve@@YAEPEAVDSTRING@@PEAVMESSAGE@@PEAU_FORMATEX_FN_PARAM@@@Z
?NotifyFveAfterFormat@@YAXPEAVDSTRING@@@Z
??0DP_DRIVE@@QEAA@XZ
??1DP_DRIVE@@UEAA@XZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EEG@Z
?CloseDriveHandle@DP_DRIVE@@QEAAXXZ
?QuerySectorSize@DP_DRIVE@@UEBAKXZ
?QuerySectors@DP_DRIVE@@UEBA?AVBIG_INT@@XZ
?QueryDataRedundancyCount@DP_DRIVE@@UEAAJPEAK0@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SAJPEAXPEAE@Z
?Initialize@LOG_IO_DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EG@Z
?QueryID@DP_DRIVE@@QEAAEPEAVWSTRING@@PEBV2@@Z
?IsBootCriticalVolume@DP_DRIVE@@QEAAEXZ
?QueryVolumeSize@IFS_SYSTEM@@SAEPEBVWSTRING@@PEA_K@Z
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryID@DP_DRIVE@@QEAAEPEAU_GUID@@PEBVWSTRING@@@Z
?GetSnapshotNtDeviceName@SNAPSHOT@@QEAAPEAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QEAAEPEAVWSTRING@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SAJPEAVWSTRING@@PEAPEAV1@@Z
?ReleaseVolumeSnapshot@SNAPSHOT@@SAEPEAV1@@Z
?IsFatalError@SNAPSHOT@@SAEJ@Z
?GetSnapshotErrorMessage@SNAPSHOT@@SAEJPEAVWSTRING@@@Z
?GetCurrentSnapshot@SNAPSHOT@@SAPEAV1@XZ
?DiskCopyMainLoop@@YAHPEBVWSTRING@@000EPEAVMESSAGE@@1@Z
?QueryDriveType@DP_DRIVE@@QEBA?AW4DRIVE_TYPE@@XZ
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

Exports

Exports

Chkdsk
ChkdskEx
ComputeFmMediaType
DiskCopy
EnableVolumeCompression
EnableVolumeIntegrity
Extend
Format
FormatEx
FormatEx2
FreeCorruptionInfo
GetCorruptionInfoClose
GetDefaultFileSystem
GetFirstCorruptionInfo
GetNextCorruptionInfo
QueryAvailableFileSystemFormat
QueryCorruptionState
QueryCorruptionStateByHandle
QueryDeviceInformation
QueryDeviceInformationByHandle
QueryFileSystemName
QueryIsDiskCheckScheduledForNextBoot
QueryLatestFileSystemVersion
QuerySupportedMedia
SetLabel

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee1527a4a716df81a9cb2614d60e0180

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

ulib

ifsutil

api-ms-win-eventlog-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 960B

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 112B

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 960B

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 112B