appmgmts[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

appmgmts.dll
Size

146KB
MD5

b757069a5db12c10d5f01be57a820a48
SHA1

e98be19f5b2f299f5da609674d1b9140abbf77ef
SHA256

7d0746a8d0050befec4465c122f1d960704e262bb571196aa4995b8efe3cfb0d
SHA512

4e8ed6a5b88e718f24dd40f0510b7bebd471f2c1eec3bdedfe66e5363812703f3618f5ada940ca2fb880a9722404d4c46a39663f575dc615c768d77613172b55
SSDEEP

3072:2urqVJaInIS/GDFoCIf0o0XQJ9hF1EkvtuRByIFySrfnxaQXh0fP+s7G7x2R7n5G:VrqaGI2QXh0lRf10

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appmgmts.dll

Files

appmgmts.dll
.dll windows:6 windows x86 arch:x86

53491f234fe86173672d788e8602acd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

appmgmts.pdb

Imports

msvcrt

memset
_vsnwprintf
wcschr
_purecall
wcsrchr
wcsncmp
wcstoul
_wcslwr
_wcsicmp
__CxxFrameHandler3
_wcsnicmp
memcpy
swscanf
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit

ntdll

RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlConvertSidToUnicodeString
RtlUnicodeStringToInteger
RtlInitUnicodeString
RtlFreeUnicodeString

kernel32

FindClose
FindFirstFileW
DisableThreadLibraryCalls
GetSystemDefaultLangID
DebugBreak
ResetEvent
SetEvent
WriteFile
SetEndOfFile
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
FindNextFileW
GetSystemTime
GetSystemInfo
GetComputerNameW
CompareStringW
GetProcAddress
LoadLibraryW
FreeLibrary
MoveFileExW
LeaveCriticalSection
EnterCriticalSection
FreeLibraryAndExitThread
WaitForSingleObjectEx
ReadFileEx
GetCurrentProcess
GetModuleHandleExW
ExpandEnvironmentStringsW
MoveFileW
CompareFileTime
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FormatMessageW
InterlockedDecrement
InterlockedIncrement
GetFullPathNameW
GetCurrentDirectoryW
RemoveDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
ReadFile
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FileTimeToSystemTime
CopyFileW
lstrcmpW
LocalAlloc
LocalFree
lstrlenW
CreateEventW
CreateThread
WaitForMultipleObjects
WaitForSingleObject
GetCurrentThread
DeleteFileW
lstrcmpiW
GetLastError
CloseHandle
SetLastError
GetSystemDirectoryW
GetFileAttributesExW

userenv

FreeGPOListW
GetAppliedGPOListW
ForceSyncFgPolicy
RsopSetPolicySettingStatus
RsopAccessCheckByType
EnterCriticalPolicySection
LeaveCriticalPolicySection
RsopResetPolicySettingStatus

advapi32

SetFileSecurityW
DeleteAce
EqualSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenEventLogW
ReportEventW
CloseEventLog
OpenProcessToken
GetTokenInformation
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
FreeSid
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
RegSetValueExW
DuplicateTokenEx
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegCloseKey
GetAce
AddAccessAllowedAce
RegEnumKeyW
DuplicateToken
GetUserNameW
CheckTokenMembership
ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

rpcrt4

RpcServerUseProtseqW
RpcBindingToStringBindingW
UuidCreate
RpcImpersonateClient
NdrServerCall2
RpcStringBindingParseW
RpcStringFreeW
RpcEpUnregister
RpcEpRegisterW
UuidFromStringW
RpcServerInqBindings
RpcRaiseException
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcBindingVectorFree

adsldpc

ADSISetObjectAttributes
ADSICloseDSObject
ADSIGetObjectAttributes
ADSICloseSearchHandle
ADSIFreeColumn
ADSIGetFirstRow
ADSIExecuteSearch
ADSIDeleteDSObject
ADSISetSearchPreference
ADSICreateDSObject
BuildADsPathFromParent
ADSIGetNextRow
ADsEncodeBinaryData
ADSIGetColumn
ADSIOpenDSObject
BuildADsParentPath
FreeADsMem

oleaut32

SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
SysFreeString
SysAllocString

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

CsCreateClassStore
CsEnumApps
CsGetAppCategories
CsGetClassAccess
CsGetClassStore
CsGetClassStorePath
CsRegisterAppCategory
CsServerGetClassStore
CsSetOptions
CsUnregisterAppCategory
DllCanUnloadNow
DllGetClassObject
GenerateGroupPolicy
IID_IClassAdmin
ProcessGroupPolicyObjectsEx
ReleaseAppCategoryInfoList
ReleasePackageDetail
ReleasePackageInfo
ServiceMain

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53491f234fe86173672d788e8602acd7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

userenv

advapi32

rpcrt4

adsldpc

oleaut32

ole32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 136KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 136KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB