difxapi[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

difxapi.dll
Size

381KB
MD5

8e518ba7881face379080ba20ed552e7
SHA1

19571a1a9a0ee9a2e9419ba5650020d39e591bb8
SHA256

d955195d4b76fd1f11ff59254950a718105fa5b6673ed7a58983dd944a76d6dd
SHA512

7a4e24344bbef60e7727d3e69b73eae72e6c17961aab00e05ce704fae6fa13d62fb2b414908bc9f37e9fd006c82bf92d647996a2bd0297f1bfa94df557c5a0db
SSDEEP

6144:6sXALoAfOS2xgNqk7og62bm2yECC8x4IbzA3o5Ft52PHov:bwbvwxk7oH2b92M3828

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
difxapi.dll

Files

difxapi.dll
.dll windows:6 windows x64 arch:x64

cddd60c50d1294bd24fee414238db09f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

msvcrt

isleadbyte
_fileno
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
memmove
memcpy
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_resetstkoflw
__C_specific_handler
memset
__CxxFrameHandler
_errno
_wcsupr
_isatty
_write
_wcslwr
_lseeki64
_onexit
__dllonexit
_unlock
_lock
??3@YAXPEAX@Z
_CxxThrowException
iswdigit
_vscwprintf
wcsrchr
wcspbrk
_wcsnicmp
iswalpha
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsstr
wcschr
??2@YAPEAX_K@Z
_wcsicmp
??_U@YAPEAX_K@Z
_vsnwprintf
malloc
free
??_V@YAXPEAX@Z
memcmp
wcscmp

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

LCMapStringW
GetThreadLocale
WaitForSingleObjectEx
SetEndOfFile
SetFilePointer
WaitForMultipleObjectsEx
SetEvent
CreateEventW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapSize
VirtualProtect
Sleep
GetProcessHeap
GetSystemTimeAsFileTime
DeviceIoControl
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalReAlloc
LocalAlloc
GetSystemDirectoryW
LocalFree
HeapReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrlenW
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
VerifyVersionInfoW
SetFileAttributesW
DeleteFileW
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
MoveFileExW
CreateFileW
CloseHandle
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile
CopyFileW
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
WideCharToMultiByte
CompareStringW

user32

UnregisterClassA
CharLowerW

setupapi

pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiClassNameFromGuidW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
CM_Get_Device_IDW
SetupDiSetDeviceRegistryPropertyW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Enumerate_Classes
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDefaultQueueCallbackW
SetupCopyOEMInfW
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupFindNextLine
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount
SetupOpenFileQueue
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupQueueCopyW
SetupCommitFileQueueW

advapi32

RegCloseKey
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ControlService
CloseServiceHandle
DeleteService
StartServiceW
AllocateAndInitializeSid

ole32

CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertFreeCTLContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCertificateContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cddd60c50d1294bd24fee414238db09f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

setupapi

advapi32

ole32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 363KB - Virtual size: 362KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 188B

.text
Size: 363KB - Virtual size: 362KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 188B