gmsaclient.pdb
Static task
static1
Behavioral task
behavioral1
Sample
gmsaclient.dll
Resource
win10v2004-20240426-en
General
Target
gmsaclient.dll
Size
32KB
MD5
8fcac5054ac3750d1c92c8c26710e2de
SHA1
7fd30a6b856427509ff68434c4a2f33e3b5d387c
SHA256
e0be42063592fac4f49233a95cb87e6e6c300b6393ce48b4df6c725bef50d074
SHA512
dfe458bc2731d3fb6eea012e0c9c88daaea2e3df9a0618d619966789cf84c5a64cb4976bf73dee56f32da28e6c01d6dd3f104c6cbabf668238c8a02440930365
SSDEEP
768:eqbjOBzaIEUDLcOLnli5SiAAso0PR9Q8Ojd7OvQ:eqbjOBegDwinlicXAsfOjd7C
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource gmsaclient.dll
Files
gmsaclient.dll.dll windows:10 windows x86 arch:x86
d01d2c56d21defcca9a30532fc31ef0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_type_info_destroy_list
_o___stdio_common_vswprintf
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__wcsicmp
_o__wtoi
_except_handler4_common
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-file-l1-1-0
CompareFileTime
wldap32
ord136
ord142
ord41
ord140
ord14
ord16
ord118
ord36
ord200
ord79
ord26
ord18
ord73
ord208
ord145
ord13
ord224
rpcrt4
RpcImpersonateClient
RpcRevertToSelf
I_RpcMapWin32Status
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
dnsapi
DnsNameCompare_W
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
bcrypt
BCryptGenRandom
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
netutils
NetApiBufferFree
NetApiBufferAllocate
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
ntdll
RtlInitUnicodeString
RtlFreeUnicodeString
RtlDeleteResource
RtlDuplicateUnicodeString
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
api-ms-win-core-synch-l1-2-0
Sleep
Exports
GMSAAdd
GMSACheckIfExistsInAD
GMSACleanup
GMSADelete
GMSAGetPassword
GMSAInit
GMSARefreshPasswords
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ