DeviceSetupManager[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DeviceSetupManager.dll
Size

202KB
MD5

263625a4f616538eb867b6306a6590db
SHA1

5c0ff8a3007e36e3c5d93f4f941ffe11982912cd
SHA256

2a064720c247eaa3446efdcc9e01d84cba875905d78dfed0fbd62d1ee422d416
SHA512

b6c9fa72828ee35b6f2db2f3ea1aa5d2bf93a6f0ee910722c68751dfd728bb15a5676415bdd2c90341ab6285909224f4fd2ac6b694e31a217a3d4a0bb391ad61
SSDEEP

6144:Yt/6wDPlBEgCzPBV0bNG7vDyAigjoFyeXf9MJbH:YsSs/zPAbN2iIoFyeXf9MJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DeviceSetupManager.dll

Files

DeviceSetupManager.dll
.dll windows:6 windows x64 arch:x64

187e7bd7620a36c4f6ee4ba37c0b0b94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DeviceSetupManager.pdb

Imports

msvcrt

__CxxFrameHandler3
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
memset
_wcsnicmp
wcschr
_wcsicmp
_vsnwprintf
swprintf_s
_purecall
memmove_s
??3@YAXPEAX@Z
memcpy_s
_wcsupr
??_U@YAPEAX_K@Z
malloc
??_V@YAXPEAX@Z
free
??2@YAPEAX_K@Z
_CxxThrowException

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcServerUnregisterIfEx
RpcServerInqCallAttributesW
RpcServerTestCancel
RpcAsyncCompleteCall
RpcBindingInqAuthClientW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerUseProtseqEpW
NdrAsyncServerCall
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
RpcStringFreeW
RpcServerRegisterIfEx
I_RpcMapWin32Status
RpcAsyncAbortCall

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage

api-ms-win-core-synch-l1-2-0

Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
CreateEventW
ResetEvent
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
SetThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpool
CreateThreadpool
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
StringFromIID
CoInitializeEx
CoUninitialize
StringFromGUID2
PropVariantCopy
CoCreateInstance
CLSIDFromString
CoTaskMemFree
PropVariantClear

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcess
CreateProcessAsUserW
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
CreateThread
TerminateProcess
ProcessIdToSessionId

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
SizeofResource
DisableThreadLibraryCalls
LoadStringW
LockResource

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-service-core-l1-1-1

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
SysAllocString
VariantInit

api-ms-win-security-base-l1-2-0

CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateToken
MapGenericMask
AccessCheck
CheckTokenMembership

api-ms-win-core-localization-l1-2-1

SetThreadPreferredUILanguages
GetThreadPreferredUILanguages

api-ms-win-core-heap-l1-2-0

HeapDestroy
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ntdll

WinSqmAddToStreamEx
RtlInitUnicodeString
NtCreateWnfStateName

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

cfgmgr32

DevCloseObjectQuery
DevCreateObjectQuery
DevFreeObjects
DevGetObjects
DevCreateObjectQueryFromId
DevGetObjectProperties
DevFreeObjectProperties
DevSetObjectProperties
CM_Request_Device_Eject_ExW

setupapi

SetupOpenInfFileW
SetupFindNextMatchLineW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupGetStringFieldW
SetupDiReportDriverNotFoundError
SetupDiReportAdditionalSoftwareRequested
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiReportGenericDriverInstalled
SetupDiBuildDriverInfoList
SetupFindFirstLineW
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetDriverInstallParamsW
SetupDiGetSelectedDriverW
SetupUninstallOEMInfW

newdev

DiInstallDevice

kernel32

WTSGetActiveConsoleSessionId
WaitForMultipleObjects
ResolveDelayLoadedAPI
GetPackagesByPackageFamily
DelayLoadFailureHook

wevtapi

EvtSubscribe
EvtRender
EvtClose
EvtCreateRenderContext

deviceassociation

DafCreateAssociationContext
DafStartRemoveAssociation
DafCloseAssociationContext

Exports

Exports

ServiceMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

187e7bd7620a36c4f6ee4ba37c0b0b94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-power-setting-l1-1-0

oleaut32

api-ms-win-security-base-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

ntdll

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

cfgmgr32

setupapi

newdev

kernel32

wevtapi

deviceassociation

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 166KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 1KB - Virtual size: 1KB