PortableDeviceClassExtension[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PortableDeviceClassExtension.dll
Size

106KB
MD5

4fe8d36c03f8c23c89e98750c708216c
SHA1

c980a0625b1640719a67cea08fd87cab3c2dd44f
SHA256

86e4c504620a0079831bab7120999b2ae17b26994b232ede4943500f40090976
SHA512

a64004f233878bf32c5ed44a366c7cb31e94fcdc2019f9729c66e1567a7aeb6835697cc3dc3b624e5fc7e472522b9790687f621d907f8fbc43a32d738d683b00
SSDEEP

3072:smogXhM67d9XIgjPkFrA5kIV/JQCwV6dH:zOwdpzjPkFrAfz5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PortableDeviceClassExtension.dll

Files

PortableDeviceClassExtension.dll
.dll regsvr32 windows:10 windows x86 arch:x86

3bb5041a7502d4060b6da10cf07f3939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceClassExtension.pdb

Imports

msvcrt

memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
vswprintf_s
_vscwprintf
memmove_s
_wcsicmp
_vsnwprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
??1type_info@@UAE@XZ
_CxxThrowException
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
LockResource
LoadResource
SizeofResource
GetProcAddress
LoadLibraryExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
OpenEventW
LeaveCriticalSection
CreateEventW
SetEvent
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

advapi32

GetSecurityInfo

kernel32

lstrcmpiW

user32

UnregisterClassA

rpcrt4

CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrDllRegisterProxy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bb5041a7502d4060b6da10cf07f3939

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

advapi32

kernel32

user32

rpcrt4

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 3KB - Virtual size: 3KB