admwprox.pdb
Static task
static1
Behavioral task
behavioral1
Sample
admwprox.dll
Resource
win10v2004-20240226-en
General
Target: admwprox.dll
Size: 47KB
MD5: 91a0f7a03a1acf26ab2ac034e57c9b57
SHA1: 60c4131b2de2f79bea7ae5520649224fad0c4d7f
SHA256: 8fd462d17cd548ef16f159d367425cdf266ded5027fb94566af78dca6e2458fa
SHA512: 9a8194a2e6d23e01e8372ca69f429ca25f074e0ac56629260f6864397f4865ec5e574ee8a50a1649a8dd7edd6ceae51cc261917bd19225e21a6c5b7d81351651
SSDEEP: 768:o23hh2yCNyxA84CTKnaZT1vSLnNJZ3y3l5GK/hSMMScpnuvGyB9Dm:v2yCcxAP7athSnZ32l5p/hXMScpn0Gyv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource admwprox.dll
Files
admwprox.dll.dll regsvr32 windows:10 windows x86 arch:x86
d227e20ea72793416dddb56fb089bf4e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_aligned_malloc
_aligned_free
strnlen
strrchr
wcscat_s
memcmp
_vsnprintf_s
memcpy
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
sprintf_s
strcpy_s
memset
kernel32
WriteFile
FlushFileBuffers
GlobalFree
GetStdHandle
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
SetLastError
OutputDebugStringA
DisableThreadLibraryCalls
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetLastError
CloseHandle
GetCurrentProcess
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryExW
GetSystemDirectoryW
InterlockedPopEntrySList
HeapReAlloc
QueryDepthSList
InitializeSListHead
DeleteTimerQueueTimer
GetProcessHeap
GetSystemInfo
HeapFree
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
HeapCreate
HeapDestroy
GetModuleHandleW
advapi32
CryptHashSessionKey
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptGetUserKey
CryptImportKey
CryptVerifySignatureA
CryptSignHashA
CryptHashData
CryptExportKey
CryptDestroyKey
CryptGenKey
EqualSid
SetThreadToken
FreeSid
CryptSetProvParam
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptGetHashParam
DeregisterEventSource
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
GetTokenInformation
CryptDestroyHash
rpcrt4
I_RpcBindingIsClientLocal
IUnknown_Release_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall2
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_QueryInterface
ole32
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
ntdll
RtlGetCurrentPeb
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseObjectSecurityContextW
Sections
.text Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ