RemoveDeviceElevated[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RemoveDeviceElevated.dll
Size

11KB
MD5

70340896be8660cf2d508566e496722f
SHA1

c70a520f4b236e1c73a876e556f33e6a4fe0af00
SHA256

331e594a1c94908dbf0a5637f644ddf92c1bf22be1457731ac6cc572f8d2ec50
SHA512

430407b115a8d9f026c124b19bffad3f84218a4f324e7b9f55416e6fdd4264dcb72d09db7da7e55326cd603feb82d66521eb8a2ab78e1d03b4f7d7a14b6e0681
SSDEEP

192:Kk3+h8QOaltYRTiA7nMRGMZY61JQpqvtW1UaJWGO:3u+QOaHY1hnc9JwktW1tJW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoveDeviceElevated.dll

Files

RemoveDeviceElevated.dll
.dll regsvr32 windows:6 windows x86 arch:x86

319f6f6ac3aabdd36bef9ec3493570ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RemoveDeviceElevated.pdb

Imports

msvcrt

memcmp
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
TerminateProcess

ole32

HICON_UserSize
HWND_UserSize
HWND_UserFree
HICON_UserMarshal
HWND_UserMarshal
HWND_UserUnmarshal
HICON_UserUnmarshal
HICON_UserFree
ObjectStublessClient3

rpcrt4

IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 67B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

319f6f6ac3aabdd36bef9ec3493570ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

rpcrt4

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.orpc Size: 512B - Virtual size: 67B

.data Size: 512B - Virtual size: 872B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.orpc
Size: 512B - Virtual size: 67B

.data
Size: 512B - Virtual size: 872B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB