AdmTmpl[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AdmTmpl.dll
Size

443KB
MD5

f14dd1f9265ba22cf27f5d3bf08ba17e
SHA1

3da989eae9c56ceca4729c3022f12ae4b54f652e
SHA256

2e18e738033628880258ce5b9a3366e62b2046c019f3f6f9c979a8187218419e
SHA512

50a9eee10929832e02ee9605032719b46dd07bac4b1f45082950fa0774705a936d1bcee43ea4c08607eeb56f60724d53388a8524e80579c02e47bb865de71728
SSDEEP

6144:m6phByL4FeWrUWSbLb6eBkijbKTK/2m0BNc5hMekl2Uc21ZZZ/ZZZfJ9mTk:7ho4LoWSb/6eBbKO0jgMec8A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AdmTmpl.dll

Files

AdmTmpl.dll
.dll windows:10 windows x86 arch:x86

36bf45b4890ab0a797a782b743c4df08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdmTmpl.pdb

Imports

msvcrt

wcstoul
_wtoi
_ftol2_sse
_wtoi64
memmove
wcsnlen
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memcpy
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
_callnewh
wcsrchr
_itow
wcschr
_vsnwprintf
_purecall
__RTDynamicCast
memset

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l2-1-0

LocalReAlloc
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-file-l1-2-1

ReadFile
GetFileAttributesExW
CreateDirectoryW
FindClose
GetFileSize
CreateFileW
SetFilePointer
FindFirstFileW
GetFileAttributesW
WriteFile
CompareFileTime
FileTimeToLocalFileTime
FindNextFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-1

GetUserDefaultLangID
GetThreadPreferredUILanguages
GetFileMUIPath
FormatMessageW

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
FreeLibrary
GetModuleFileNameW
FreeLibraryAndExitThread
LoadLibraryExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleA
LoadStringW
FindResourceExW

api-ms-win-core-synch-l1-2-0

CreateEventW
DeleteCriticalSection
WaitForSingleObject
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryA
LoadLibraryW

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA
OutputDebugStringW

oleaut32

SysFreeString
SysAllocString

api-ms-win-security-base-l1-2-0

AddAccessAllowedAce
InitializeAcl
GetAce
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetLengthSid
SetSecurityDescriptorDacl

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegSetValueExW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateThread
SetThreadPriority

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-1

CoUninitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatW
GetTimeFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegDeleteKeyW
RegCreateKeyW
IsTextUnicode

gdi32

DeleteObject

kernel32

lstrcmpiW
ExpandEnvironmentStringsA
LoadLibraryExA
GlobalLock
GlobalUnlock
lstrlenW
GlobalReAlloc

ole32

OleRun

shell32

SHFileOperationW

user32

LoadCursorW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBeep
IsDlgButtonChecked
SetFocus
GetClientRect
SetCursor
SetWindowLongW
RegisterWindowMessageW
DialogBoxParamW
RegisterClassW
MessageBoxW
EnableWindow
PostMessageW
GetDlgItem
RegisterClipboardFormatW
SendMessageW
GetWindowLongW
EndDialog
CreateWindowExW
GetMessagePos
ScreenToClient
CheckDlgButton
LoadImageW
DestroyIcon
GetKeyboardLayout
DestroyWindow
DefWindowProcW

xmllite

CreateXmlWriter

Exports

Exports

CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36bf45b4890ab0a797a782b743c4df08

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-debug-l1-1-1

oleaut32

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-profile-l1-1-0

advapi32

gdi32

kernel32

ole32

shell32

user32

xmllite

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.data Size: 7KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 288KB - Virtual size: 288KB

.data
Size: 7KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 20KB - Virtual size: 19KB