AdmTmpl[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AdmTmpl.dll
Size

428KB
MD5

5862a867bb6228d427cb784f610662f7
SHA1

c96bd61a35e96fb7f0f315c6fc45776289b3c74e
SHA256

f2ebaebbca8e338d44d0c9c9c47b33e58adee243c7e661d554655fb871263078
SHA512

ee7112c7e23737f2e6aed1fed5fc14d94da9e44b3a90f9f70ccec125921155ebff4a148adb0d66b1b2717bf56f895ae8650eb256380b5121b52aaf1e57470f6b
SSDEEP

6144:V+UjbFma8ThmCFmCbGekP8exvHtSy0s5hMekl2Uc21ZZZ/ZZZfJxRe:VlNTCF7bGT5vZLMecT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AdmTmpl.dll

Files

AdmTmpl.dll
.dll windows:6 windows x86 arch:x86

f8339ea7c787aa10703debbd89b370d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdmTmpl.pdb

Imports

msvcrt

??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
memmove_s
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
memset
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
wcstoul
memcpy
_wtoi
_wtoi64
_ftol2_sse
??0exception@@QAE@XZ
wcschr
_purecall
__RTDynamicCast
wcsrchr
_itow
free
_CxxThrowException
_callnewh
malloc
_XcptFilter
_initterm
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common

kernel32

lstrlenW
SetFilePointer
CreateFileW
ExpandEnvironmentStringsW
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetLastError
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
FormatMessageW
CompareStringW
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
lstrcmpiW
WriteFile
WaitForSingleObject
LocalFree
InterlockedIncrement
LocalAlloc
SetEvent
ResetEvent
FindClose
FindNextFileW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
LocalReAlloc
FreeLibraryAndExitThread
Sleep
CreateEventW
GetTickCount
SetThreadPriority
CreateThread
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalFree
GlobalAlloc
GetUserDefaultLangID
MultiByteToWideChar
ReadFile
GetFileSize
GetThreadPreferredUILanguages
GetFileMUIPath
GetWindowsDirectoryW
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
SetLastError
DebugBreak
ExpandEnvironmentStringsA
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
GetFileAttributesExW
LockResource
LoadResource
FindResourceExW
InterlockedDecrement

user32

IsDlgButtonChecked
EnableWindow
MessageBeep
MessageBoxW
DialogBoxParamW
LoadCursorW
SetCursor
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessagePos
GetDlgItem
SetFocus
EndDialog
PostMessageW
SendMessageW
LoadImageW
CharLowerBuffW
LoadStringW
CheckDlgButton
ScreenToClient
RegisterWindowMessageW
DefWindowProcW
CreateWindowExW
RegisterClassW
DestroyWindow
RegisterClipboardFormatW
GetKeyboardLayout
GetWindowLongW
SetWindowLongW
GetClientRect
MsgWaitForMultipleObjects
DestroyIcon

gdi32

DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
IsTextUnicode
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid

shell32

SHFileOperationW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeEx
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
SysAllocString

xmllite

CreateXmlWriter

ntdll

RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlFreeHeap
NtCreateFile
NtClose
RtlIsDosDeviceName_U
RtlNtStatusToDosError

Exports

Exports

CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8339ea7c787aa10703debbd89b370d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xmllite

ntdll

Exports

Exports

Sections

.text Size: 278KB - Virtual size: 278KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 278KB - Virtual size: 278KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 21KB - Virtual size: 20KB