NPSMDesktopProvider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

NPSMDesktopProvider.dll
Size

803KB
MD5

f3d4129fd76ee8c798e928b603bd06de
SHA1

7e909c843ae5634876c2ae7b86aefe4052835329
SHA256

cf6bfc81753c9906bfd5fb2781458ec4bde3d561a31dbfc1e669e91c157052cf
SHA512

c31a108a8156e015ec26cc61b620bceb253f7b6b78a3d8a4396c5eeed3907b2022de186ba8ab500e628258dc58d9e4b1d1274c9946b42544ed235badab85bd8c
SSDEEP

3072:3I4iyXglSIz0gsJ/EVuxNq9iAsxLKKiY4NjC8o:Y4jglS0M/Pxb5idC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NPSMDesktopProvider.dll

Files

NPSMDesktopProvider.dll
.dll windows:10 windows x86 arch:x86

5c43c979a6523a01f4e2a5cc49fb529a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NPSMDesktopProvider.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__CxxFrameHandler3
_initterm
memcpy_s
_vsnwprintf
_onexit
memmove
_wsplitpath_s
_wcsicmp
realloc
wcschr
_callnewh
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
memcmp
_CxxThrowException
_purecall
memmove_s
malloc
_amsg_exit
_XcptFilter
free
memcpy
memset

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHCreateThreadRef
SHCreateThread
SHSetThreadRef

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA
LoadStringW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

SetEvent
WaitForSingleObject
Sleep
DeleteCriticalSection
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
InitOnceBeginInitialize
ReleaseSRWLockExclusive
LeaveCriticalSection
InitOnceComplete
ReleaseSRWLockShared
InitOnceInitialize
InitOnceExecuteOnce
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexExW
InitializeCriticalSectionEx
EnterCriticalSection
InitializeSRWLock

api-ms-win-core-winrt-error-l1-1-1

SetRestrictedErrorInfo
RoOriginateError
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
RoTransformError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsSetValue
OpenProcess
CreateThread
TlsFree
OpenProcessToken

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

RoGetAgileReference
CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoUninitialize
CoGetApartmentType
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoCancelCall
CoDisableCallCancellation
CoEnableCallCancellation
CoTaskMemRealloc
CoGetMalloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
IsThreadpoolTimerSet
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-base-l1-2-0

DuplicateTokenEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

api-ms-win-security-capability-l1-1-0

CapabilityCheck

mmdevapi

ord11
ord10

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_LoadImageW
ImageList_Destroy

kernel32

CreateEventW
InitializeCriticalSection

gdi32

StretchBlt
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
CreateDIBSection
DeleteObject
CreateCompatibleBitmap

user32

IsWindow
ord2521
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
PostThreadMessageW
LoadImageW
GetDC
GetSystemMetrics
ReleaseDC

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus

rpcrt4

NdrClientCall4
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW

api-ms-win-service-private-l1-1-1

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c43c979a6523a01f4e2a5cc49fb529a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

ntdll

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-security-capability-l1-1-0

mmdevapi

comctl32

kernel32

gdi32

user32

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-2-0

rpcrt4

api-ms-win-service-private-l1-1-1

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 653KB - Virtual size: 652KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 132KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 653KB - Virtual size: 652KB

.reloc
Size: 8KB - Virtual size: 8KB