appmgmts[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

appmgmts.dll
Size

157KB
MD5

396c20fa19413bc8cdedf690fa4b1a24
SHA1

d5e112d6b2540685ea2f81814e5a139495b269c4
SHA256

33fdeb1b5ba02f2fa61b0ed64421ba45f3bb43c125a171675019dd89b466427c
SHA512

581ca319238bc8e0e6bfa442cf4e8e039ed6f8b565910db7faec0ccc4ef4833ffd77c598db90ea3aa15168c66787c6ae016faae68368ab05f4daee629b0fd95d
SSDEEP

3072:kP+FKTWdSH/+O/bWhpsxLR6jGVWo9GJaeb+PdmcQ6iCl4L/FFNoA/XAs:MvHBTjxsiVEJaopcICl4L/FFNoA/Xt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appmgmts.dll

Files

appmgmts.dll
.dll windows:10 windows x86 arch:x86

a2b3373dade3c47b3e158eb11b9b189e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

appmgmts.pdb

Imports

msvcrt

_vsnwprintf
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_purecall
wcschr
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
__CxxFrameHandler3
wcstoul
wcsncmp
_wcslwr
_wcsnicmp
_wcsicmp
swscanf
??0exception@@QAE@ABQBD@Z
memset

rpcrt4

RpcRaiseException
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerInterfaceGroupClose
UuidFromStringW
RpcServerInterfaceGroupCreateW
RpcImpersonateClient
NdrServerCall2
RpcServerInterfaceGroupActivate
UuidCreate

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
CreateThread

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegOpenCurrentUser

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetAce
AllocateAndInitializeSid
GetLengthSid
SetFileSecurityW
RevertToSelf
DeleteAce
InitializeAcl
AddAccessAllowedAce
AddAccessAllowedAceEx
EqualSid
ImpersonateLoggedOnUser
CheckTokenMembership
InitializeSecurityDescriptor
DuplicateToken
SetSecurityDescriptorDacl
FreeSid
DuplicateTokenEx
GetTokenInformation
CopySid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

userenv

LeaveCriticalPolicySection
RsopAccessCheckByType
EnterCriticalPolicySection
ForceSyncFgPolicy
GetAppliedGPOListW
RsopSetPolicySettingStatus
RsopResetPolicySettingStatus
FreeGPOListW

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
SetFileAttributesW
GetFileAttributesExW
GetFileSize
SetEndOfFile
CreateFileW
SetFilePointer
ReadFile
FindFirstFileW
GetFullPathNameW
CreateDirectoryW
FindClose
GetFileAttributesW
CompareFileTime
FindNextFileW
ReadFileEx
RemoveDirectoryW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ResetEvent
WaitForSingleObject
CreateEventW
InitializeCriticalSectionEx
EnterCriticalSection
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
WaitForSingleObjectEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetLocalTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemDefaultLangID

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetProcAddress
LoadLibraryExW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW

oleaut32

SysStringLen
SysFreeString
VariantClear
SysAllocString
SafeArrayCreate
SafeArrayPutElement
VariantInit

adsldpc

ADSIGetObjectAttributes
ADSISetSearchPreference
FreeADsMem
BuildADsParentPath
ADSIOpenDSObject
ADSIGetColumn
ADSIDeleteDSObject
ADSICreateDSObject
ADSIFreeColumn
ADSIGetNextRow
ADSIGetFirstRow
ADSISetObjectAttributes
ADSICloseSearchHandle
ADSIExecuteSearch
ADSICloseDSObject
ADsEncodeBinaryData
BuildADsPathFromParent

advapi32

GetUserNameW
RegEnumKeyW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
ReportEventW
OpenEventLogW
CloseEventLog
RegDeleteKeyW

kernel32

lstrcmpW
GetComputerNameW
lstrcmpiW
MoveFileW

ntdll

RtlAdjustPrivilege
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection

Exports

Exports

CsCreateClassStore
CsEnumApps
CsGetAppCategories
CsGetClassAccess
CsGetClassStore
CsGetClassStorePath
CsRegisterAppCategory
CsServerGetClassStore
CsSetOptions
CsUnregisterAppCategory
DllCanUnloadNow
DllGetClassObject
GenerateGroupPolicy
IID_IClassAdmin
ProcessGroupPolicyObjectsEx
ReleaseAppCategoryInfoList
ReleasePackageDetail
ReleasePackageInfo
ServiceMain

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2b3373dade3c47b3e158eb11b9b189e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

userenv

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-com-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

oleaut32

adsldpc

advapi32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB