Microsoft[.]Management[.]Infrastructure[.]Native[.]Unmanaged[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Microsoft.Management.Infrastructure.Native.Unmanaged.dll
Size

14KB
MD5

d701558a21bc165ae75c0dd4b2a71cd5
SHA1

eb9e6d0638f7a2430dce7808a0f557d461670c4c
SHA256

138751e76ba44f47a9e7cf837647860c92996fd5897a6a1c6a2b0514e016c2a7
SHA512

e0758c310b9db1bfc5a586c5c165e687ca4dca53c2c807206a1c7abbb1ace1c0f422e774f09c09c97e2db4067ee467c9d4743b9235e8a559c0eea7edc403c7db
SSDEEP

192:KtSGQaLQWQOPudyvV9tENgsgHXgKME6k5IJbWHceWITEH:Kt9Q1OPudC4Ngs4V5IJbWHceWj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Microsoft.Management.Infrastructure.Native.Unmanaged.dll

Files

Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x86 arch:x86

76db6a07de705b9942c01c1011ba54f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Management.Infrastructure.Native.Unmanaged.pdb

Imports

msvcrt

_except_handler4_common
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
SubmitThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentThread
SetThreadToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76db6a07de705b9942c01c1011ba54f0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

mi

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 928B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 444B

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 928B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 444B