amtlib[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

amtlib.dll
Size

38KB
MD5

9267b3cd370eed4cf0b4d69e4d406052
SHA1

12cafb52f486a018e5cac82d06378be01f49e146
SHA256

b90699a130b402475b3fcca73c92d09913e98dc91876ecd51578da7858d8972d
SHA512

6f37cb73158f90c0d8a0f3895ab6fb12430b18620b1a888af24c264881a35f79f56186a61e8b5ebf4f6fe59748e59bc36559535e01dceef8df5853b96fc07c95
SSDEEP

768:NbFOqp18fSU5XfW5qwis/g2e5sQcR3Cn7t72EiD68g7EzPXMCNAx415Atmo2zNEH:NbFOqMfv5v8is/zRS7tC6SzfMCNAm15s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume5/Program Files (x86)/Adobe/Acrobat DC/Acrobat/amtlib.dll

Files

amtlib.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume5/Program Files (x86)/Adobe/Acrobat DC/Acrobat/amtlib.dll
.dll windows x86

Password: S@ndb0x!2023@@

5f931ee6022f63a8566f4e48ef1231f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrA
StrStrIA

kernel32

CreateProcessW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetFileAttributesW
CloseHandle
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetFileAttributesA

user32

WaitForInputIdle

advapi32

SetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathA
SHGetFolderPathW

Exports

Exports

AMTGetCurrentLicenseState
AMTGetLibVersion
AMTGetParentLEIDLicenseStatus
AMTGetProductClearSerialNumber
AMTGetRoyaltyBearingLEIDs
AMTObtainProductLicense
AMTObtainRunningLicenseRecord
AMTPlugPlugRequest
AMTPreObtainProductLicense
AMTPreValidateProductLicense
AMTRecordCodecInvocation
AMTReleaseProductLicense
AMTRetrieveAdobeID
AMTRetrieveLibraryPath
AMTRetrievePersonGUIDWithAuthSource
AMTValidateProductLicense
GetAsnVersion
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx
free
malloc

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pr0
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

5f931ee6022f63a8566f4e48ef1231f0

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.pr0 Size: 30KB - Virtual size: 29KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.pr0
Size: 30KB - Virtual size: 29KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB