dmutil[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dmutil.dll
Size

25KB
MD5

320b67819f61cc819a37eec9f42a0c03
SHA1

10ffa1ba1547588c532221e8965557bc05b316e4
SHA256

193c07b0336d6fa382acb60d6e27eb4efbb420ca7ec518e3efa48e105a04008e
SHA512

1d7df208e0153fc88d5ec7db13817a4d75a9c36cd2666365b09de4aadb62d92fdbd39b1101fb2f359617a08bcbf06f1364c62de3f9510c4a72727214b04fba85
SSDEEP

768:6WU38lUC/nlI1ef89CRYCdt/9J30Qo1BQ3:GHcI1eViMV0Qo1BQ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmutil.dll

Files

dmutil.dll
.dll windows:6 windows x64 arch:x64

35301158717001a0f3b251ade6bbaf58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmutil.pdb

Imports

msvcrt

_vsnwprintf
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
??2@YAPEAX_K@Z
mbstowcs
free
malloc
_wgetenv
wcstok
_vsnprintf
memcpy
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
NtClose
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlAdjustPrivilege
NtSetInformationFile
NtQueryInformationFile
NtSetBootEntryOrder
NtQueryBootEntryOrder
NtAddBootEntry
RtlFreeUnicodeString
NtOpenFile
RtlCreateUnicodeString

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

TerminateProcess
lstrlenA
lstrlenW
GetCurrentDirectoryW
Sleep
HeapFree
HeapAlloc
GetProcessHeap
CreateThread
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
VerifyVersionInfoW
LoadLibraryW
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrcmpW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetProcAddress

Exports

Exports

AddEntryBootFileGpt
AddEntryBootFileMbr
CoDisableDynamicVolumes
DisplayError
DisplayErrorRgszw
DllMain
DmCommonNtOpenFile
DynamicSupport
FTrace
FTraceValist
FreeRgszw
GetErrorData
GetInstallDirectoryPath
GetSystemVolume
IsPersonalSKU
LowAcquirePrivilege
LowGetPartitionInfo
LowNtAddBootEntry
LowNtReadFile
LowNtReadOnlyAttributeOff
LowNtWriteFile
RgszwDupRgszw
RgszwFromArgs
RgszwFromValist
SafeLoadVdsService
ShowMessage
ShowMessageValist
SzwDupSzw
SzwFromSza
TranslateError

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35301158717001a0f3b251ade6bbaf58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 684B

.idata Size: 2KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 52B

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 684B

.idata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 52B