DevicePairingFolder[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DevicePairingFolder.dll
Size

81KB
MD5

e6b72df02ee0561db7381aee0ca4b7bb
SHA1

d701771e4b7066338d3b829fd29d4600ade3c8f8
SHA256

f20d8f5a35b859b49e03d18cfb1264bcb34b96e1ac5e66f2ba49b368b121dd12
SHA512

205d3af7b9cf2975497e0838e3602fd48be0a9246b81cb683eef84746316641cfd843885afc2119eb902768de064addc448a10bf26b8fa844ccbfe41db33ab6b
SSDEEP

1536:1q36cErQXQp06s+SuCq756uBsmZ0UIHBOUR9ubNMOpBF/rkU+puo4amN:1qrcpA+SpqMRH1MNvBtrkUYOam

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DevicePairingFolder.dll

Files

DevicePairingFolder.dll
.dll windows:10 windows x86 arch:x86

c17654a98427231401c9d2618bf2f7de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DevicePairingFolder.pdb

Imports

msvcrt

__CxxFrameHandler3
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
free
malloc
wcsncpy_s
memcpy_s
_CxxThrowException
_lock
_callnewh
_wtol
wcschr
wcsstr
_amsg_exit
?what@exception@@UBEPBDXZ
_initterm
_vsnwprintf
_purecall
_XcptFilter
memcpy
??1type_info@@UAE@XZ
realloc
_errno
_except_handler4_common
_onexit
__dllonexit
_unlock
memset

shell32

ord18
SHBindToFolderIDListParent
ord155
SHCreateDefaultContextMenu
SHCreateDataObject
SHCreateDefaultExtractIcon
ord16
ord19
SHChangeNotify
ord25
ord763
ShellExecuteExW
SHCreateShellItemArrayFromIDLists
ord256
ord153
SHBindToParent

shlwapi

StrToIntW
ord219
ord199
SHStrDupW
ord615
ord16
ord619
ord344
StrRetToBufW
StrChrW
StrPBrkW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetModuleHandleA
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize
PropVariantClear
CoTaskMemRealloc
CoGetMalloc
PropVariantCopy
CoWaitForMultipleHandles
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

kernel32

lstrcmpiW
lstrlenW

propsys

PSPropertyBag_WriteDWORD
PropVariantChangeType
PropVariantCompareEx
PSGetPropertyFromPropertyStorage
VariantCompare
PSGetPropertyDescription
PSCreateMemoryPropertyStore
PropVariantToVariant
PropVariantToStringAlloc

user32

UnregisterClassA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c17654a98427231401c9d2618bf2f7de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

rpcrt4

api-ms-win-devices-query-l1-1-0

kernel32

propsys

user32

api-ms-win-core-heap-l2-1-0

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB