DevDispItemProvider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DevDispItemProvider.dll
Size

101KB
MD5

24c03102b77ca720076cff0a74751fab
SHA1

29072b451b03b25230d87409932ef138f49d989f
SHA256

582b82dea7cc432ac612552645c4cdaa8914e27e740872c6aa0b96c91711ecfd
SHA512

a3c14ee4b63a8c3ec81bb3a99bde275a30c2b908cea59496b3da175052a9b03059b3726dbc4fb9c9c769ceb20ead6a358481b83e0b1537d59828ddbc0b145720
SSDEEP

3072:NeFjOjElT6/ZDifVKh2ykrM+2vwvX372gb:M9OjE9OZ4SAMvvQ7

Score

1^/10

Malware Config

Signatures

Files

DevDispItemProvider.dll
.dll windows:10 windows x86 arch:x86

7c0638382acd4de2fb134ce3d20d0469

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:b4:50:b2:88:26:41:7a:bb:1e:e3:d1:12:c8:74:0d:27:ca:69:dc:6b:ae:26:f5:7c:ea:f4:a1:1e:51:0b:d8
Signer

Actual PE Digest

56:b4:50:b2:88:26:41:7a:bb:1e:e3:d1:12:c8:74:0d:27:ca:69:dc:6b:ae:26:f5:7c:ea:f4:a1:1e:51:0b:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DevDispItemProvider.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_initterm
wcschr
wcsstr
memcmp
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_wcsicmp
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlGUIDFromString
RtlInitUnicodeStringEx
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlNtStatusToDosErrorNoTeb
RtlPrefixUnicodeString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared

api-ms-win-core-com-l1-1-0

CoInitializeEx
CLSIDFromString
CoIncrementMTAUsage
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
StringFromGUID2
CoDecrementMTAUsage

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID
SetThreadPreferredUILanguages

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryFromIdEx
DevCreateObjectQueryFromIdsEx
DevCreateObjectQueryEx

api-ms-win-devices-query-l1-1-0

DevFindProperty
DevGetObjectProperties
DevGetObjects
DevFreeObjects
DevCloseObjectQuery
DevCreateObjectQuery
DevSetObjectProperties
DevFreeObjectProperties

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DevQueryEntry

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c0638382acd4de2fb134ce3d20d0469

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

56:b4:50:b2:88:26:41:7a:bb:1e:e3:d1:12:c8:74:0d:27:ca:69:dc:6b:ae:26:f5:7c:ea:f4:a1:1e:51:0b:d8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-devices-query-l1-1-1

api-ms-win-devices-query-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

56:b4:50:b2:88:26:41:7a:bb:1e:e3:d1:12:c8:74:0d:27:ca:69:dc:6b:ae:26:f5:7c:ea:f4:a1:1e:51:0b:d8
Signer

.text
Size: 81KB - Virtual size: 80KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB