PortableDeviceStatus[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceStatus.dll
Size

417KB
MD5

7a764507a500670a4165d3ea8bcad1f9
SHA1

c12e86ce7dbcdbfbfd64850bcb6215200b67a854
SHA256

3deab8ab1a7a32ea1aea3ae166696391e09da87b76bcd3c184728bc7508a8aa9
SHA512

fe3f67301e7f7d2dc95b69d3fa2b987b69fc72ea4001fbbfc4b6863bbdf6acf2c78943717108544c4bdf5d945fe62fcb3f43f58322145f5ebcf64e7ade8d74f9
SSDEEP

3072:Frvn9qzCuqgkWOS4Xo4tGx5WX8Oaq9ksAOnoeR1jKiYya/LZeS:Fc4OWX8bq9ag

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceStatus.dll

Files

PortableDeviceStatus.dll
.dll regsvr32 windows:10 windows x86 arch:x86

275cfa2a0c2fbb9e16d713daca8e5047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceStatus.pdb

Imports

msvcrt

_initterm
_except_handler4_common
_errno
realloc
_amsg_exit
_XcptFilter
memcpy_s
_lock
_unlock
__dllonexit
_onexit
_callnewh
memmove_s
_vsnwprintf
wcsncpy_s
malloc
free
_purecall
wcscat_s
wcscpy_s
memcmp
memset

kernel32

OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
WaitForSingleObject
GetCurrentThreadId
CloseHandle
OpenThread
GetModuleHandleExW
CompareStringOrdinal
CreateFileW
FormatMessageW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

PostMessageW
DefWindowProcW
IsWindow
GetWindowLongW
LoadStringW
UnregisterClassA
DestroyWindow
RegisterDeviceNotificationW
CreateWindowExW
DispatchMessageW
PeekMessageW
UnregisterDeviceNotification
SetWindowLongW
PostQuitMessage
CharNextW
UnregisterClassW
RegisterClassExW
GetMessageW

ole32

GetRunningObjectTable
CreateItemMoniker
CoInitializeEx
CoUninitialize
PropVariantCopy
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
PropVariantClear

oleaut32

VarUI4FromStr

shlwapi

ord16
ord354

advapi32

RegCreateKeyExW
TraceMessage
GetTraceLoggerHandle
RegEnumKeyExW
GetTraceEnableFlags
RegSetValueExW
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
EventUnregister
RegDeleteValueW
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
RegGetValueW

propsys

PSGetNameFromPropertyKey
PropVariantCompareEx
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
InitPropVariantFromCLSID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

275cfa2a0c2fbb9e16d713daca8e5047

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

oleaut32

shlwapi

advapi32

propsys

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 360KB - Virtual size: 359KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 360KB - Virtual size: 359KB

.reloc
Size: 4KB - Virtual size: 3KB