devmgr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

devmgr.dll
Size

505KB
MD5

b824a3c5a6e33c5d5c06b8f48115c88c
SHA1

65deeb229dd150c1caa47d6f4456ac0a0e40b83f
SHA256

f9a9dafb0da5715d61c9497c943c6a6d2db2133ca3368d20a9a58b03ac77549e
SHA512

7de99a6d53dd94fe4ff43c76958c076e3439bec48e4f800ea2de12c2f5e3f4e2de58f0a62a74d6631a21cf87d99406d414abeccc669c647a7205cfb96ec986e5
SSDEEP

6144:j5hEdCw1a2YRUkF6w3fahJftiKP60kAGhFB3oIZnPRhIKaEOMWWkmGUsKpzRcVG:j5hEdESqfQSPgKaEKUB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
devmgr.dll

Files

devmgr.dll
.dll regsvr32 windows:6 windows x64 arch:x64

7897470ef92052a7bdd2034f8596a9aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

devmgr.pdb

Imports

msvcrt

_CxxThrowException
__CxxFrameHandler3
memcpy
_vsnprintf
toupper
memmove
wcschr
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
??3@YAXPEAX@Z
_resetstkoflw
__C_specific_handler
memset
wcsrchr
qsort
wcsstr
_wcslwr
iswspace
_wcsicmp
_vscwprintf
vswprintf_s
_vsnwprintf
malloc
free
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
_purecall
memmove_s
memcpy_s
_XcptFilter
wcscmp

ntdll

NtCreateKey
NtOpenKey
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtSetInformationFile
NtQueryInformationFile
RtlGetVersion
NtQuerySystemInformation
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryValueKey
NtSetValueKey

kernel32

FindClose
MoveFileExW
SleepEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateDirectoryW
FindFirstFileW
DisableThreadLibraryCalls
DeactivateActCtx
LoadLibraryW
SetLastError
GetLastError
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrcmpiW
GetCommandLineW
FreeResource
MultiByteToWideChar
GetSystemDirectoryW
lstrlenW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
LoadLibraryExW
GetModuleHandleW
RegDeleteValueW
WideCharToMultiByte
FreeLibrary
FormatMessageW
RegQueryValueExW
LocalFree
GetComputerNameW
FileTimeToSystemTime
GetDateFormatW
OpenEventW
FindNextFileW
InitializeCriticalSection
GetComputerNameExW
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
CreateThread
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemWindowsDirectoryW
CompareStringOrdinal
GetFileAttributesW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
IsProcessorFeaturePresent
SearchPathW
WaitForSingleObject
GetDateFormatEx
FileTimeToLocalFileTime
GetTimeFormatEx
DeleteFileW
GetTempPathW
CreateFileW
WriteFile
LocalAlloc
lstrcmpW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetFileAttributesW
GetFileInformationByHandle
LCMapStringW
CreateHardLinkW
SetFilePointer
FlushFileBuffers
GetFileSize
GetLocalTime
GetCommandLineA
ResolveDelayLoadedAPI
GetModuleFileNameA
CreateEventW
WaitForSingleObjectEx
SetEvent
lstrlenA
DeviceIoControl
CloseHandle
DelayLoadFailureHook

user32

UnregisterClassA
ScreenToClient
GetMessagePos
SetWindowPos
EndDeferWindowPos
DeferWindowPos
MapWindowPoints
GetWindowRect
BeginDeferWindowPos
GetClientRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
TrackPopupMenu
GetCursorPos
AppendMenuW
CreatePopupMenu
GetKeyState
SetProcessDPIAware
EndDialog
GetSysColor
GetWindowLongW
ReleaseDC
GetDC
GetForegroundWindow
CallWindowProcW
GetWindowTextW
GetWindowTextLengthW
CheckDlgButton
RegisterClipboardFormatW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
CreateDialogParamW
DefWindowProcW
KillTimer
SetTimer
DestroyWindow
RegisterWindowMessageW
RegisterClassW
GetClassInfoW
IsWindow
CharUpperW
GetSystemMetrics
DialogBoxParamW
SetForegroundWindow
LoadCursorW
SetCursor
InvalidateRect
CreateWindowExW
GetWindowLongPtrW
LoadBitmapW
IsWindowEnabled
SetFocus
GetFocus
EnableWindow
ShowWindow
SendMessageW
IsDlgButtonChecked
GetParent
PostMessageW
DestroyIcon
SendDlgItemMessageW
SetDlgItemTextW
SetWindowLongPtrW
GetDlgItem
LoadIconW
LoadImageW
MessageBoxW
LoadStringW
FindWindowExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitiateSystemShutdownExW
WmiCloseBlock
WmiSetSingleInstanceW
WmiQuerySingleInstanceW
WmiDevInstToInstanceNameW
WmiOpenBlock
RegConnectRegistryW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceConfigW

gdi32

DeleteObject
GetDeviceCaps

setupapi

SetupOpenFileQueue
SetupSetThreadLogToken
SetupGetThreadLogToken
CM_Free_Log_Conf_Handle
CM_Free_Res_Des_Handle
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Hardware_Profile_Info_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Reenumerate_DevNode_Ex
CM_Get_First_Log_Conf_Ex
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Locate_DevNode_ExW
CM_Get_Sibling_Ex
CM_Get_Child_Ex
SetupVerifyInfFileW
pSetupInfGetDigitalSignatureInfo
SetupDiEnumDeviceInfo
SetupDiBuildClassInfoListExW
SetupDiOpenDeviceInfoW
SetupDiGetClassImageListExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupDiDestroyClassImageList
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
pSetupInfIsInbox
SetupDiGetDeviceInstallParamsW
SetupDiGetDevicePropertyW
SetupDiLoadDeviceIcon
SetupDiLoadClassIcon
SetupDiCreateDeviceInfoListExW
SetupDiGetClassPropertyExW
SetupDiGetClassImageIndex
SetupDiGetClassDevPropertySheetsW
CM_Get_Parent_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Open_DevNode_Key_Ex
CM_Disconnect_Machine
CM_Open_Class_Key_ExW
SetupDiSetSelectedDriverW
CM_Connect_MachineW
pSetupStringFromGuid
SetupDiGetClassInstallParamsW
SetupDiDestroyDriverInfoList
SetupScanFileQueueW
SetupCloseFileQueue
SetupQueueCopyW
SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoList
pSetupDiBuildInfoDataFromStrongName
SetupUninstallOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiEnumDriverInfoW
SetupDiGetDevicePropertyKeys
SetupDiGetClassPropertyKeysExW
pSetupIsBiDiLocalizedSystemEx
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller

newdev

DiRollbackDriver
DiShowUpdateDevice

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

ShellExecuteW
ord730
SHGetStockIconInfo
ShellExecuteExW
ord245

shlwapi

StrToIntW
StrRChrW

uxtheme

SetWindowTheme

wevtapi

EvtFormatMessage
EvtCreateRenderContext
EvtOpenPublisherMetadata
EvtSubscribe
EvtRender
EvtClose

Exports

Exports

DeviceAdvancedPropertiesA
DeviceAdvancedPropertiesW
DeviceCreateHardwarePage
DeviceCreateHardwarePageCustom
DeviceCreateHardwarePageEx
DeviceManager_ExecuteA
DeviceManager_ExecuteW
DeviceProblemTextA
DeviceProblemTextW
DeviceProblemWizardA
DeviceProblemWizardW
DeviceProblenWizard_RunDLLA
DeviceProblenWizard_RunDLLW
DevicePropertiesA
DevicePropertiesExA
DevicePropertiesExW
DevicePropertiesW
DeviceProperties_RunDLLA
DeviceProperties_RunDLLW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7897470ef92052a7bdd2034f8596a9aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

ole32

advapi32

gdi32

setupapi

newdev

version

shell32

shlwapi

uxtheme

wevtapi

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 267KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 11KB - Virtual size: 11KB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 206KB - Virtual size: 206KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 268KB - Virtual size: 267KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 11KB - Virtual size: 11KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 206KB - Virtual size: 206KB

.reloc
Size: 2KB - Virtual size: 1KB