Windows[.]Devices[.]Usb[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Devices.Usb.dll
Size

281KB
MD5

e9cc89c578916426928d640badc74a10
SHA1

b508bd2f6106cb0e2979ec72e8ed2ffa18961df7
SHA256

ab94c653c61b8e50e76a43a67270011d670a781adc6861e3d07a7b1007b3f542
SHA512

2f3cebffdbd715ac08a60b98f4bdfbfd2624388342dbd131762d238e165215402a57677d8944d93212af05b6f3313753800a25de484571ca544eef931e1620be
SSDEEP

3072:8hfT9Kb+zSIErRL70clGbWlDtQv7zYfk8BM28xES2Rucr+Yi9+IpGntS6E5GjVrr:gfT9Q5DnGig/YMLxEJrIpGSe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Devices.Usb.dll

Files

Windows.Devices.Usb.dll
.dll windows:6 windows x86 arch:x86

920fe70b9b82020771fd83176fd6018e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Devices.Usb.pdb

Imports

msvcrt

wcsstr
swscanf_s
_wcsicmp
memset
??0exception@@QAE@XZ
_CxxThrowException
_callnewh
_XcptFilter
_amsg_exit
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
realloc
free
malloc
memmove_s
_purecall
_initterm
_lock
_unlock
__dllonexit
_vsnwprintf
??_V@YAXPAX@Z
_onexit
__CxxFrameHandler3
??1type_info@@UAE@XZ
_except_handler4_common
??3@YAXPAX@Z
memcmp
memcpy

api-ms-win-core-winrt-error-l1-1-1

GetRestrictedErrorInfo
SetRestrictedErrorInfo
IsErrorPropagationEnabled
RoTransformError
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
RoOriginateError
RoOriginateErrorW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree
HSTRING_UserUnmarshal
HSTRING_UserMarshal
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsCreateString
HSTRING_UserSize

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
RoGetAgileReference
CoGetApartmentType
CoWaitForMultipleHandles
CoUninitialize
CoGetCallerTID
CLSIDFromString
CoInitializeEx
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoCopyProxy
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmQueryCurrentAppState
PsmUnregisterAppStateChangeNotification

ntdll

RtlNtStatusToDosError

kernel32

RegCloseKey
RegQueryValueExW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
OpenProcess
TlsGetValue
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
GetModuleHandleExW
CreateEventExW
GetCurrentProcessId
OpenSemaphoreW
ReleaseSemaphore
TlsAlloc
CreateSemaphoreW
TlsFree
GetTickCount
TlsSetValue
FreeLibraryAndExitThread
FreeLibrary
SetEvent
Sleep
WaitForSingleObject
GetCurrentThreadId
EncodePointer
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
RaiseException
DecodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DisableThreadLibraryCalls
CreateThreadpoolIo
CloseThreadpoolIo
CloseHandle
SubmitThreadpoolWork
CreateThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
CloseThreadpoolWork
DeleteCriticalSection
InitializeCriticalSectionEx
CancelIoEx
CancelThreadpoolIo
StartThreadpoolIo
CreateThread
InitOnceInitialize
InitOnceExecuteOnce
GetLastError
SetLastError

ole32

ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient6
ObjectStublessClient13
ObjectStublessClient11
ObjectStublessClient9
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient8
ObjectStublessClient12
NdrProxyForwardingFunction4
ObjectStublessClient14
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release

user32

LoadStringW
PostThreadMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx

advapi32

RegOpenKeyW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTokenInformation
OpenProcessToken
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage

shlwapi

SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

winusb

WinUsb_QueryInterfaceSettings
WinUsb_ControlTransfer
WinUsb_SetCurrentAlternateSettingAsync
WinUsb_QueryDeviceInformation
WinUsb_GetDescriptor
WinUsb_Initialize
WinUsb_GetAssociatedInterface
WinUsb_ResetPipeAsync
WinUsb_GetPipePolicy
WinUsb_SetPipePolicy
WinUsb_WritePipe
WinUsb_ReadPipe
WinUsb_FlushPipe
WinUsb_Free

api-ms-win-devices-query-l1-1-1

DevGetObjectProperties
DevFreeObjectProperties

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 462B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

920fe70b9b82020771fd83176fd6018e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-devices-config-l1-1-1

api-ms-win-core-psm-app-l1-1-0

ntdll

kernel32

ole32

rpcrt4

user32

advapi32

shlwapi

winusb

api-ms-win-devices-query-l1-1-1

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 228KB

.orpc Size: 512B - Virtual size: 462B

.data Size: 5KB - Virtual size: 5KB

.idata Size: 7KB - Virtual size: 6KB

.tls Size: 512B - Virtual size: 9B

minATL Size: 512B - Virtual size: 48B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 229KB - Virtual size: 228KB

.orpc
Size: 512B - Virtual size: 462B

.data
Size: 5KB - Virtual size: 5KB

.idata
Size: 7KB - Virtual size: 6KB

.tls
Size: 512B - Virtual size: 9B

minATL
Size: 512B - Virtual size: 48B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 36KB