RemoveDeviceElevated[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

RemoveDeviceElevated.dll
Size

10KB
MD5

efdcd273d15a67e7179dbd3447a31705
SHA1

fb41f81c91762cd73b705a92e6de04698af80bb9
SHA256

a5b99fd51320defa650280a49b1d85768200bee703e33a1defae32ffb998ac7c
SHA512

df04bd1fa784de44a69b824e233435b3a984cf3ec09091a8dde885dfe38eee252d4430ca8ff77060f7109b291bd05f0efa963a463bdfe579c1f724156322dbd2
SSDEEP

192:12aKvmlCcMP++4oc9T+MAmh/fr1EcCZssCZWeJWDLt:SrP++4oc9T+uxreZQZWeJWDLt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RemoveDeviceElevated.dll

Files

RemoveDeviceElevated.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ff8444614c80874449a58e2b7f1c8263

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RemoveDeviceElevated.pdb

Imports

msvcrt

malloc
_except_handler4_common
_XcptFilter
free
_initterm
_amsg_exit

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

rpcrt4

IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

ole32

HICON_UserUnmarshal
HWND_UserUnmarshal
HWND_UserFree
HICON_UserMarshal
HWND_UserSize
HICON_UserFree
HICON_UserSize
HWND_UserMarshal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8444614c80874449a58e2b7f1c8263

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

ole32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 864B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 464B

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 864B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 464B