adsldp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adsldp.dll
Size

194KB
MD5

fb0c2a6f1f58cfd082f3258a28672514
SHA1

80036c393d17d46aa3a2a76223fde981c85a9dd4
SHA256

1cebacc9649859b951a92d7f3b89402d6b3aa40f3fd431ffe11f57fdf2c09d38
SHA512

4eda6f614e213cecd1912a1004858dabccab7a1c1cca64a26a6eb503029f0f57b1871bd170181d226d51fd8370ee8184b6c75ef5255f4e6dc840fe071a5ba764
SSDEEP

3072:nK0vk2n2gn0vqPA/GwOR+T6+Uer+hB9Ps8J0NONysyoy3rmGELv:ndk2nPn0vWAefIT6+UAaPs8J0ky3rm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adsldp.dll

Files

adsldp.dll
.dll windows:10 windows x86 arch:x86

65f2f1a46d0f4fe541026969d6f109ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

_except_handler4_common
_initterm
free
_amsg_exit
_XcptFilter
_itow_s
swscanf_s
_wtoi64
_wtol
_ltow
qsort
wcstok
wcsncpy_s
wcschr
swprintf_s
_purecall
wcscat_s
_wcsnicmp
wcsstr
_wcslwr
wcscpy_s
memcpy
memcmp
malloc
_wcsicmp
memset

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

wldap32

ord53
ord54
ord12
ord14

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW

activeds

ord28
ord3
ord27
ord7
ord22
ord25
ord26
ord31
ord16
ord17
ord12
ord18
ord15
ord14

adsldpc

SchemaGetSyntaxOfAttribute
SchemaGetClassInfo
SchemaAddRef
LdapMakeSchemaCacheObsolete
LdapGetSubSchemaSubEntryPath
LdapGetSchemaObjectCount
LdapcKeepHandleAround
SchemaGetPropertyInfo
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapValueFreeLen
UnMarshallLDAPToLDAPSynID
SchemaGetStringsFromStringTable
FindSearchTableIndex
LdapTypeCopyConstruct
LdapTypeFreeLdapModList
SortAndRemoveDuplicateOIDs
LdapTypeFreeLdapModObject
LdapGetSyntaxIdOfAttribute
LdapTypeBinaryToString
Component
?GetNextToken@CLexer@@QAEJPAGPAK@Z
GetDisplayName
LdapDeleteExtS
LdapTypeToAdsTypeCopyConstruct
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapGetSyntaxOfAttributeOnServer
LdapcSetStickyServer
FindEntryInSearchTable
LdapRenameExtS
LdapModDnS
GetLDAPTypeName
LdapDeleteS
LdapReadAttribute
BuildADsPathFromParent
LdapTypeFreeLdapObjects
LdapSearchS
BerEncodingQuotaControl
LdapAddS
LdapAddExtS
LdapModifyS
LdapModifyExtS
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
LdapOpenObject
SchemaGetPropertyInfoByIndex
SchemaGetClassInfoByIndex
SchemaGetObjectCount
SchemaOpen
ADsObject
LdapMemFree
intcmp
FreeObjectInfo
PathName
?SetFSlashDisabler@CLexer@@QAEXH@Z
?SetAtDisabler@CLexer@@QAEXH@Z
InitObjectInfo
?InitializePath@CLexer@@QAEJPAG@Z
??1CLexer@@QAE@XZ
??0CLexer@@QAE@XZ
LdapGetValues
LdapGetDn
LdapNextEntry
LdapFirstEntry
ADsHelperGetCurrentRowMessage
ADSIPrint
BuildADsParentPathFromObjectInfo2
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
MapADSTypeToLDAPType
MapLDAPTypeToADSType
AdsTypeToLdapTypeCopyTime
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
GetServerAndPort
LdapInitializeSearchPreferences
LdapCloseObject
LdapCacheAddRef
ADsSetObjectAttributes
ADsGetObjectAttributes
ReadSecurityDescriptorControlType
ADsCreateDSObjectExt
SchemaClose
ADsDeleteDSObject
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapSearchAbandonPage
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
IsGCNamespace
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
LdapValueFree
BuildLDAPPathFromADsPath2
ReadPagingSupportedAttr
LdapSearchInitPage
LdapSearchExtS
LdapCountEntries
LdapGetNextPageS
LdapMsgFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65f2f1a46d0f4fe541026969d6f109ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

wldap32

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-l1-2-0

activeds

adsldpc

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 162KB

.data Size: 12KB - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 162KB - Virtual size: 162KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB