adsmsext[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

adsmsext.dll
Size

101KB
MD5

32ab69f912a4b6fdff266d96b9b39c10
SHA1

da19010561d5afd27176175d726d0d73458464bb
SHA256

2fac1cfc80cd56a9e5b2c2a4d319b4d9d5c9b307b28caa6385ad00ecf1f77e35
SHA512

a1dcca327d6e03296dc1719f1d8eaeb2566a68d7ec20847c701ff7a86b12608b9081ba9691b0ca428fa71cd085b4b7f4041e6a19784235dd22b5db8ea486a11f
SSDEEP

1536:OcMBsVcycAQmpxIoE1RWQ7uS5QT0kLQKbAh:U7+Vi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adsmsext.dll

Files

adsmsext.dll
.dll windows:6 windows x64 arch:x64

caa986398c58a92bd0ab6f27461cfa6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsmsext.pdb

Imports

msvcrt

memcpy
memset
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
swscanf_s
_wcsnicmp
swprintf_s
wcstok
wcschr
_wcsicmp
wcscpy_s
wcscat_s
_purecall
wcscmp

ntdll

RtlInitString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-2-1

LocalFileTimeToFileTime
FileTimeToLocalFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
Sleep

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-2-0

ImpersonateLoggedOnUser
RevertToSelf

advapi32

LogonUserW

activeds

ord16
ord14
ord15
ord18
ord9
ord7
ord17

adsldpc

FreeObjectInfo
LdapCompareExt
ADsObject
LdapGetSyntaxOfAttributeOnServer
LdapCrackUserDNtoNTLMUser2
GetDefaultServer
BuildLDAPPathFromADsPath2
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
ADSIPrint
LdapOpenObject
LdapModifyS
ChangeSeparator
LdapReadAttributeFast
LdapValueFree
BuildADsPathFromLDAPPath
LdapCloseObject

wldap32

ord12

ole32

CoCreateInstance

winspool.drv

GetPrinterW
OpenPrinterW
SetPrinterW
ClosePrinter

oleaut32

SysAllocString
LoadRegTypeLi
DispInvoke
SetErrorInfo
DispGetIDsOfNames
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
VariantClear
CreateErrorInfo
DosDateTimeToVariantTime
VariantTimeToDosDateTime

samcli

NetUserChangePassword
NetUserSetInfo

kernel32

SystemTimeToFileTime
LocalFree
FormatMessageW
FileTimeToDosDateTime
DosDateTimeToFileTime
LoadLibraryW
SystemTimeToTzSpecificLocalTime
LocalAlloc
RaiseException
FileTimeToSystemTime
DelayLoadFailureHook
ResolveDelayLoadedAPI

sspicli

LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caa986398c58a92bd0ab6f27461cfa6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-security-base-l1-2-0

advapi32

activeds

adsldpc

wldap32

ole32

winspool.drv

oleaut32

samcli

kernel32

sspicli

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 86KB - Virtual size: 86KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB