AdmTmpl[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AdmTmpl.dll
Size

443KB
MD5

4b5acf8d1d8109261131e0dcddd4ec5e
SHA1

bb9eeeb6cb1a32d6cd9acd5290cd6880727c2d85
SHA256

9b9a7f89db6c059e20b451943efaf77cf79c5e51ab9d2d19b439ee39f42d6ade
SHA512

9d1000fd2316357cd0eb4e84cb6dc4632b0eac9f39af89b2350fbe6e0f3c9d25e74ff24324df20fb49281de08f2d38d7493e43b999a69d5b3a42c61d906dfea1
SSDEEP

12288:FWqJKHe3Bfzz89dOSfUqePY5Nj7Meco0:FJKH+u9dOSfU9CNj7Mecd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AdmTmpl.dll

Files

AdmTmpl.dll
.dll windows:10 windows x86 arch:x86

a96e9de2adbee86a8ab5343bdd6e5ea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdmTmpl.pdb

Imports

msvcrt

__RTDynamicCast
_ftol2_sse
memmove
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memcpy
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
_callnewh
wcsrchr
_itow
wcschr
_vsnwprintf
_purecall
wcsnlen
_wtoi
_wtoi64
wcstoul
memset

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree
LocalReAlloc
GlobalAlloc

api-ms-win-core-file-l1-2-1

FindNextFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
FindClose
CreateDirectoryW
GetFileAttributesExW
WriteFile
FindFirstFileW
GetFileAttributesW
CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-1

GetFileMUIPath
FormatMessageW
GetUserDefaultLangID
GetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FindResourceExW
GetModuleHandleA
LoadResource
GetModuleHandleW
LockResource
FreeLibraryAndExitThread
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

ResetEvent
Sleep
SetEvent
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryA
LoadLibraryW

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak
OutputDebugStringW

oleaut32

SysFreeString
SysAllocString

api-ms-win-security-base-l1-2-0

InitializeAcl
GetLengthSid
AddAccessAllowedAce
AllocateAndInitializeSid
GetAce
InitializeSecurityDescriptor
FreeSid
SetSecurityDescriptorDacl

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueW
RegSetValueExW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
SetThreadPriority
CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-1

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatW
GetTimeFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegDeleteKeyW
RegCreateKeyW
IsTextUnicode

gdi32

DeleteObject

kernel32

lstrcmpiW
lstrlenW
GlobalUnlock
GlobalLock
ExpandEnvironmentStringsA
LoadLibraryExA
GlobalReAlloc

ole32

OleRun

shell32

SHFileOperationW

user32

GetMessagePos
ScreenToClient
CheckDlgButton
LoadImageW
RegisterClipboardFormatW
EndDialog
GetKeyboardLayout
GetWindowLongW
MessageBeep
SendMessageW
LoadCursorW
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
RegisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
SetFocus
GetClientRect
DestroyIcon
EnableWindow
IsDlgButtonChecked
SetWindowLongW
DialogBoxParamW
MessageBoxW
SetCursor
PostMessageW

xmllite

CreateXmlWriter

Exports

Exports

CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a96e9de2adbee86a8ab5343bdd6e5ea3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-debug-l1-1-1

oleaut32

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-profile-l1-1-0

advapi32

gdi32

kernel32

ole32

shell32

user32

xmllite

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.data Size: 7KB - Virtual size: 9KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 288KB - Virtual size: 288KB

.data
Size: 7KB - Virtual size: 9KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 20KB - Virtual size: 19KB