admwprox.pdb
Static task
static1
Behavioral task
behavioral1
Sample
admwprox.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
admwprox.dll
Resource
win10v2004-20240508-en
General
Target
admwprox.dll
Size
50KB
MD5
0b3bcf3b19654f78f53f0980426cd33a
SHA1
6804ad3fa6d34e9fd546f7135be98895f4f1bc30
SHA256
ac652fefbd5819f4ac9dbfc35201ce712c6b654513706f1c3520c28ac431248d
SHA512
df30e0a5352f5104622babb705476bb1db30e8c5a8a273a3475bd8e866a75ec5a002b63292e7be100243455d202e5582c6009c6ec5c44a88ec689be719786cff
SSDEEP
768:qw3hAwgClbPIc4CXtEY5PafmAHXsCZOPrFbkr9uyxV0+K:ewgCJp4PY5CfmWXsCZOTZI9usV0+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource admwprox.dll
Files
admwprox.dll.dll regsvr32 windows:6 windows x86 arch:x86
22dc15371b2c9cb145989edc74c8574d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_mbslen
_mbsicmp
_mbsnicmp
_mbslwr
_mbsupr
strrchr
_strlwr
_strupr
_strnicmp
_stricmp
strlen
strncpy_s
memset
_vsnprintf_s
wcscat_s
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
strcpy_s
??2@YAPAXI@Z
sprintf_s
memcpy
??3@YAXPAX@Z
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DisableThreadLibraryCalls
OutputDebugStringA
InterlockedDecrement
LocalFree
LocalAlloc
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
GetCurrentThread
GetCurrentProcess
GetLastError
InterlockedExchange
Sleep
InterlockedCompareExchange
GetSystemDirectoryW
LoadLibraryW
HeapLock
HeapWalk
HeapUnlock
GetProcessHeap
DeleteTimerQueueTimer
LocalReAlloc
GetModuleHandleW
GetSystemInfo
GlobalFree
WriteFile
FlushFileBuffers
GlobalAlloc
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
GetCPInfo
HeapFree
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
HeapCreate
HeapDestroy
advapi32
CryptHashSessionKey
CryptDestroyHash
CryptCreateHash
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptGetUserKey
CryptExportKey
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptDestroyKey
CryptGenKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
SetThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeregisterEventSource
CryptGetHashParam
OpenProcessToken
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
rpcrt4
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
I_RpcBindingIsClientLocal
IUnknown_Release_Proxy
ole32
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseObjectSecurityContextW
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ