admwprox.pdb
Static task
static1
Behavioral task
behavioral1
Sample
admwprox.dll
Resource
win10v2004-20240508-en
General
Target: admwprox.dll
Size: 47KB
MD5: db8f43cdeb75279ddab62e88c18f27f5
SHA1: dfa911756a15122cffad63eca571680bce0dd3f7
SHA256: f879ca252cc1c199bb6ce494e160a33edde67b50ac8597024d7517bfdde48248
SHA512: 0f31e14598724d35b9636bf6ec1cd16adff400a6851f8ca9cf7bf61333d703ec6acb28f440df5b65e6098b9e1b101aa46ad5feb7a9003a710d9d27e8446d4f05
SSDEEP: 768:e23hh2yCNi3A84CTKnaZT1vSLnNJZ3y3l5GK/hSMMScpAxvQxB9Dm:R2yCY3AP7athSnZ32l5p/hXMScpAtQxv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource admwprox.dll
Files
admwprox.dll.dll regsvr32 windows:10 windows x86 arch:x86
d227e20ea72793416dddb56fb089bf4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_aligned_malloc
_aligned_free
strnlen
strrchr
wcscat_s
memcmp
_vsnprintf_s
memcpy
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
sprintf_s
strcpy_s
memset
kernel32
WriteFile
FlushFileBuffers
GlobalFree
GetStdHandle
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
SetLastError
OutputDebugStringA
DisableThreadLibraryCalls
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetLastError
CloseHandle
GetCurrentProcess
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryExW
GetSystemDirectoryW
InterlockedPopEntrySList
HeapReAlloc
QueryDepthSList
InitializeSListHead
DeleteTimerQueueTimer
GetProcessHeap
GetSystemInfo
HeapFree
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapCreate
HeapDestroy
GetModuleHandleW
advapi32
CryptHashSessionKey
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptGetUserKey
CryptImportKey
CryptVerifySignatureA
CryptSignHashA
CryptHashData
CryptExportKey
CryptDestroyKey
CryptGenKey
EqualSid
SetThreadToken
FreeSid
CryptSetProvParam
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptGetHashParam
DeregisterEventSource
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
GetTokenInformation
CryptDestroyHash
rpcrt4
I_RpcBindingIsClientLocal
IUnknown_Release_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall2
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_QueryInterface
ole32
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
ntdll
RtlGetCurrentPeb
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseObjectSecurityContextW
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ