activeds[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

activeds.dll
Size

212KB
MD5

1e70b22bca4f1d21fe9e0edd49a96bb0
SHA1

b419cfeb1cf0e0e17f294d3f6537a5e8938c0329
SHA256

0fc263a961ed8284e117ce3963cd1329b6cc897dc19e791101dcfc71e52443a7
SHA512

5f4b9d2f1b267934ce4e2370f01868c4f6ec71c6e4ef6f50892cc8688611d24ea1d9a158b30ed62cd1f60fa7dc47a688b19cd6af3f6ec1acb031b9e7fae55d5d
SSDEEP

6144:k8IuLLX00xZ05Oca+hPn2lmM0XMb61vj:31LLXdZ0IInymM6O6V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
activeds.dll

Files

activeds.dll
.dll windows:10 windows x86 arch:x86

a84d85413a75cd6302ee7e19425039c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

activeds.pdb

Imports

msvcrt

?terminate@@YAXXZ
memset
_ftol2_sse
memcmp
malloc
memcpy
free
_initterm
_except_handler4_common
_amsg_exit
_XcptFilter
iswspace
_wcsnicmp
_snwprintf_s
memcpy_s
wcstok
wcschr
wcscpy_s
swscanf_s
wcscat_s
swprintf_s
_wcsicmp
wcsncpy_s
__CxxFrameHandler3

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegGetKeySecurity
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegSetKeySecurity

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

ntdll

RtlNtStatusToDosError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

adsldpc

FreeADsMem
AllocADsMem
AllocADsStr
ConvertU2TrusteeToSid
LdapCrackUserDNtoNTLMUser2
ConvertSidToString
ConvertSidToU2Trustee
GetServerAndPort
GetDomainDNSNameForDomain
ADsGetLastError
ADsSetLastError
ReallocADsMem
FreeADsStr

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ADsBuildEnumerator
ADsBuildVarArrayInt
ADsBuildVarArrayStr
ADsDecodeBinaryData
ADsEncodeBinaryData
ADsEnumerateNext
ADsFreeEnumerator
ADsGetLastError
ADsGetObject
ADsOpenObject
ADsSetLastError
AdsFreeAdsValues
AdsTypeToPropVariant
AdsTypeToPropVariant2
AllocADsMem
AllocADsStr
BinarySDToSecurityDescriptor
ConvertSecDescriptorToVariant
ConvertSecurityDescriptorToSecDes
ConvertTrusteeToSid
DllCanUnloadNow
DllGetClassObject
FreeADsMem
FreeADsStr
PropVariantToAdsType
PropVariantToAdsType2
ReallocADsMem
ReallocADsStr
SecurityDescriptorToBinarySD

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a84d85413a75cd6302ee7e19425039c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

adsldpc

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.data Size: 16KB - Virtual size: 17KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 372B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 180KB - Virtual size: 179KB

.data
Size: 16KB - Virtual size: 17KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 372B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB