dmcertinst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dmcertinst.exe
Size

185KB
MD5

bc89dbedcf1afbadb3a09d6854ec506b
SHA1

4c20c9c445fc73e1bace934455adf7acbe7305d4
SHA256

d92689a7ba57ad92dab92affefc4aff3d977b84911bdfa9f346139bc22912b4b
SHA512

e171fc1a2eba28d60744de5c6b27fa85b2469086de12ad6a33fc13f3e76df68b4e33f7b9b6cfa7d9d5dff2c0e3fdb5fb75745ec8cd340e36faa3e9e355587544
SSDEEP

3072:SJ7CKX3H/j+UocmR0MEhotZqRuKuxd5E5v1SReJwq2lW:SJ7CKX3H/jBmqMqDXv7wqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmcertinst.exe

Files

dmcertinst.exe
.exe windows:10 windows x64 arch:x64

d3b9416a984efc2dcad2fec809767160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dmcertinst.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??_7_Facet_base@std@@6B@
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??_7codecvt_base@std@@6B@
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Syserror_map@std@@YAPEBDH@Z
??Bid@locale@std@@QEAA_KXZ
??_7?$codecvt@GDH@std@@6B@
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xlength_error@std@@YAXPEBD@Z
??_7facet@locale@std@@6B@
?_Winerror_map@std@@YAPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
memset
_wcmdln
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsnicmp
strrchr
strchr
strtol
_errno
_set_errno
__CxxFrameHandler3
strncpy_s
sprintf_s
_vsnprintf
memmove_s
swprintf_s
wcstoul
wcstok_s
_vsnwprintf
memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
??0exception@@QEAA@XZ
_unlock
_lock
_commode
_fmode
wcscmp
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
free
malloc
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
wcsstr
wcsrchr
??_V@YAXPEAX@Z
wcscpy_s
_vsnprintf_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
LoadStringW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateEventExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenEventW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile

api-ms-win-core-com-l1-1-0

GetHGlobalFromStream
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoGetApartmentType
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock

ntdll

RtlIsStateSeparationEnabled

omadmapi

ord64
ord35

certenroll

ord45

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRenewActivation

declaredconfiguration

DMOrchestratorUpdateDocStatus

oleaut32

SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoActivateInstance
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

ncrypt

NCryptDeleteKey
NCryptOpenKey
NCryptFreeObject
NCryptGetProperty
NCryptOpenStorageProvider

crypt32

CertFindCertificateInStore
CryptUnprotectData
CertFreeCertificateContext
CryptSetKeyIdentifierProperty
CertGetCertificateContextProperty
CryptBinaryToStringW
CryptEncodeObjectEx
CertDeleteCertificateFromStore
CertCloseStore
CertOpenStore

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

rpcrt4

UuidCreate

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

dmcmnutils

UnicodeToMB
HexStringToBinary
BinaryToHexString
CopyString
OmaDmRegistryGetDWORD

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3b9416a984efc2dcad2fec809767160

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp110_win

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

ntdll

omadmapi

certenroll

umpdc

declaredconfiguration

oleaut32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

ncrypt

crypt32

api-ms-win-core-threadpool-l1-2-0

rpcrt4

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

dmcmnutils

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 176B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 544B

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 544B