MMDevAPI[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MMDevAPI.dll
Size

283KB
MD5

5ccf34813d589fb8d682201bbc8f7181
SHA1

d0cbedaed07f069da0aeba6708b760630fab796e
SHA256

9d7fcf6f95716c82f9edca7deef8bf8547319386c63b63bed821ab5ec713bc57
SHA512

ecfaf2b7830419985d7919457f7c152f5e3b53bca5d89eafb201806f6c7f60b04f4569870f9898820559b79b1e0ea2a4818d0d1dd1fb392f7c85723d8fc8d1d3
SSDEEP

6144:jleobLiNEZoXLjcVApe73IgVgD67Mz48S4gHuHUhCjKz:r3eWoXXcnIgvoc8StF/

Score

1^/10

Malware Config

Signatures

Files

MMDevAPI.dll
.dll regsvr32 windows:6 windows x86 arch:x86

6e940b8fd41d3ebd432e0a44ff879783

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:9e:40:2a:8c:f0:6a:fc:aa:6b:54:11:54:bb:88:df:bf:25:e0:a1:9d:d6:a2:d0:55:71:1a:32:d6:de:0e:36
Signer

Actual PE Digest

f2:9e:40:2a:8c:f0:6a:fc:aa:6b:54:11:54:bb:88:df:bf:25:e0:a1:9d:d6:a2:d0:55:71:1a:32:d6:de:0e:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MMDevAPI.pdb

Imports

msvcrt

_initterm
_ftol2_sse
_amsg_exit
__CxxFrameHandler3
_CxxThrowException
wcsncpy_s
realloc
??1type_info@@UAE@XZ
_XcptFilter
memcmp
__dllonexit
memset
_vsnprintf
wcstol
_wtoi
wcsncmp
_wcsicmp
_vsnwprintf
?terminate@@YAXXZ
_unlock
wcstoul
memmove_s
calloc
_errno
wcscat_s
wcscpy_s
_resetstkoflw
memcpy_s
_purecall
_onexit
malloc
free
_lock
_except_handler4_common
memcpy

ntdll

EtwSendNotification
EtwNotificationUnregister
EtwNotificationRegister
EtwLogTraceEvent
ShipAssert
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FindResourceExW
GetModuleHandleExW
GetModuleHandleW
SizeofResource
DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
LoadResource
GetProcAddress
GetModuleFileNameW

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapDestroy
HeapSize
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegGetValueW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
TryEnterCriticalSection
EnterCriticalSection
Sleep
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
InitializeSRWLock
WaitForSingleObject
DeleteCriticalSection
SetEvent

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-string-l2-1-0

CharNextW

rpcrt4

RpcStringFreeW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolWait
FreeLibraryWhenCallbackReturns
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolCleanupGroup

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
ProcessIdToSessionId
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-2-1

CreateFileW
CompareFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-shlwapi-obsolete-l1-1-0

SHLoadIndirectString

devobj

DevObjOpenDeviceInfo
DevObjDestroyDeviceInfoList
DevObjSetDeviceInterfaceProperty
DevObjGetDeviceInterfacePropertyKeys
DevObjGetDeviceInterfaceAlias
DevObjGetDeviceInterfaceProperty
DevObjOpenDeviceInterfaceRegKey
DevObjSetDeviceProperty
DevObjGetDeviceProperty
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjOpenDeviceInterface
DevObjGetClassDevs
DevObjGetDeviceInstanceId
DevObjEnumDeviceInfo
DevObjCreateDeviceInfoList

api-ms-win-service-private-l1-1-1

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

ActivateAudioInterfaceAsync
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e940b8fd41d3ebd432e0a44ff879783

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f2:9e:40:2a:8c:f0:6a:fc:aa:6b:54:11:54:bb:88:df:bf:25:e0:a1:9d:d6:a2:d0:55:71:1a:32:d6:de:0e:36Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-string-l2-1-0

rpcrt4

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

devobj

api-ms-win-service-private-l1-1-1

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-localization-private-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 243KB - Virtual size: 243KB

RT_BSS Size: - Virtual size: 32B

.data Size: 3KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 6KB

RT_DATA Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f2:9e:40:2a:8c:f0:6a:fc:aa:6b:54:11:54:bb:88:df:bf:25:e0:a1:9d:d6:a2:d0:55:71:1a:32:d6:de:0e:36
Signer

.text
Size: 243KB - Virtual size: 243KB

RT_BSS
Size: - Virtual size: 32B

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 6KB

RT_DATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB