AdmTmpl[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AdmTmpl.dll
Size

453KB
MD5

d7a450f0a0a853e166244e7d3fa6deea
SHA1

67ba1c6516ce70ccc7ab23df9f0ef6c15ff93b48
SHA256

c9615a6a8016d7147d5094c1b56c99c37077570c3a75cbecb8427683ee03f353
SHA512

577bac0939f56e4766d17d6fb401184dfb213f5b6bf4a04dcc635063abc44e904d873caeff48c10755d1344d1588626716f35a2fe4fbd9e1a646b47c52dddda1
SSDEEP

6144:wNxKBloxLUulMhT6zQJqTQTH/nbqeKgpHw5hMekl2Uc21ZZZ/ZZZfJQ6QqeV:wNxsqUD6zQMQTH/bNKAEMecA6HeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AdmTmpl.dll

Files

AdmTmpl.dll
.dll windows:6 windows x86 arch:x86

72520c4ea255f1173d1397c695b38730

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdmTmpl.pdb

Imports

msvcrt

_ftol2_sse
wcstoul
_wtoi
_wtoi64
wcsnlen
memcpy
_vsnwprintf
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
malloc
free
_callnewh
_itow
wcsrchr
_purecall
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memcpy_s
wcschr
__RTDynamicCast
memset

kernel32

SetLastError
DebugBreak
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
CompareStringW
GetTickCount
CreateEventW
WaitForSingleObject
CreateThread
SetThreadPriority
EnterCriticalSection
LeaveCriticalSection
Sleep
FreeLibraryAndExitThread
LocalAlloc
CloseHandle
ResetEvent
SetEvent
lstrcmpiW
CompareFileTime
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
FindNextFileW
FindClose
LoadLibraryA
LocalReAlloc
GlobalUnlock
GlobalReAlloc
GlobalLock
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
MultiByteToWideChar
GetUserDefaultLangID
GetThreadPreferredUILanguages
GetFileAttributesW
GetFileMUIPath
GetWindowsDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
lstrlenW
WriteFile
SetFilePointer
CreateFileW
ExpandEnvironmentStringsW
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetLastError
ExpandEnvironmentStringsA
LoadLibraryExA
FindResourceExW
LoadResource
LockResource
GetFileAttributesExW
CreateDirectoryW
LocalFree

user32

SetCursor
RegisterClipboardFormatW
GetWindowLongW
PostMessageW
LoadCursorW
SetWindowLongW
DestroyIcon
TranslateMessage
SetFocus
EnableWindow
GetDlgItem
MessageBoxW
EndDialog
PeekMessageW
MessageBeep
DispatchMessageW
RegisterWindowMessageW
SendMessageW
DialogBoxParamW
LoadImageW
GetKeyboardLayout
CharLowerBuffW
LoadStringW
RegisterClassW
CheckDlgButton
ScreenToClient
GetMessagePos
IsDlgButtonChecked
DefWindowProcW
DestroyWindow
GetClientRect
CreateWindowExW
MsgWaitForMultipleObjects

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
IsTextUnicode
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
FreeSid
RegEnumKeyExW

shell32

SHFileOperationW

ole32

CLSIDFromString
OleRun
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

xmllite

CreateXmlWriter

Exports

Exports

CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72520c4ea255f1173d1397c695b38730

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

xmllite

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 299KB

.data Size: 7KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 299KB - Virtual size: 299KB

.data
Size: 7KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 20KB - Virtual size: 20KB