adsldp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adsldp.dll
Size

219KB
MD5

8e906b30470bf9ae50fdd5db00ec58de
SHA1

8208f3ac3216507f444ab2fe4fc2d2306a9f24b0
SHA256

604bbae4ce2038662d3eee91ff375abb7d55a9d80b8d361a6cc93ab1985a05f4
SHA512

d71f459188920613a654c410329a1a810928d24194551d637dcd91c1104a80621d80b3248684a7571ee1efd6ed2e4308ea3ff0660bc16f55d93d3b029fe2c443
SSDEEP

3072:+MtX5E545Abeo8Pcjd+Gyma9LVCgifYYOCEwGo3klZleYA8EJqzVC:+4JEZbeo8P6iJqgiY8So3kn4YA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adsldp.dll

Files

adsldp.dll
.dll windows:6 windows x86 arch:x86

ee3f93d74d2f25a8af53713fdb7eff23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wtoi64
wcstok
swscanf_s
_wtol
_itow_s
_ltow
_wcsnicmp
wcsstr
_wcslwr
qsort
wcschr
wcscpy_s
swprintf_s
_wcsicmp
memcpy
memcmp
wcsncpy_s
wcscat_s
_purecall
memset

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-security-base-l1-2-0

GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner

kernel32

DelayLoadFailureHook
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
lstrlenW
RaiseException
LocalFree
GetLastError
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
SetLastError
GetTickCount
CompareStringOrdinal
CompareStringW
LocalAlloc
ResolveDelayLoadedAPI

activeds

ord14
ord18
ord17
ord12
ord16
ord28
ord27
ord31
ord26
ord25
ord22
ord7
ord3
ord15

adsldpc

ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsGetFirstRow
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapcKeepHandleAround
LdapGetSyntaxIdOfAttribute
LdapCacheAddRef
ADsHelperGetCurrentRowMessage
ADsCloseSearchHandle
ADsAbandonSearch
ADsExecuteSearch
ADsDeleteAttributeDefinition
ADsSetSearchPreference
ADsObject
FreeObjectInfo
LdapTypeFreeLdapObjects
LdapGetSchemaObjectCount
SchemaOpen
SchemaClose
LdapGetSubSchemaSubEntryPath
LdapMakeSchemaCacheObsolete
LdapCloseObject
SchemaAddRef
LdapModifyS
LdapOpenObject
LdapAddS
BuildLDAPPathFromADsPath2
SchemaGetClassInfo
LdapSearchS
LdapMsgFree
SchemaGetSyntaxOfAttribute
LdapFirstEntry
LdapGetValues
LdapReadAttribute
LdapValueFree
LdapGetSyntaxOfAttributeOnServer
SchemaGetPropertyInfo
SchemaGetStringsFromStringTable
LdapCountEntries
FindSearchTableIndex
SortAndRemoveDuplicateOIDs
intcmp
FindEntryInSearchTable
SchemaGetObjectCount
SchemaGetClassInfoByIndex
ADsDeleteDSObject
GetDisplayName
InitObjectInfo
??0CLexer@@QAE@XZ
??1CLexer@@QAE@XZ
?InitializePath@CLexer@@QAEJPAG@Z
?SetAtDisabler@CLexer@@QAEXH@Z
PathName
?GetNextToken@CLexer@@QAEJPAGPAK@Z
Component
IsGCNamespace
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
ReadPagingSupportedAttr
LdapSearchInitPage
LdapSearchExtS
LdapGetNextPageS
LdapSearchAbandonPage
LdapNextEntry
LdapGetDn
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapMemFree
BuildADsPathFromParent
ADSIPrint
BuildADsParentPathFromObjectInfo2
AdsTypeToLdapTypeCopyTime
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeFreeLdapModList
LdapTypeCopyConstruct
UnMarshallLDAPToLDAPSynID
LdapValueFreeLen
LdapFirstAttribute
LdapAttributeFree
LdapNextAttribute
LdapTypeFreeLdapModObject
LdapInitializeSearchPreferences
ReadServerSupportsIsADControl
ReadServerSupportsIsADAMControl
ReadSecurityDescriptorControlType
LdapModifyExtS
LdapAddExtS
BerEncodingQuotaControl
LdapDeleteS
GetLDAPTypeName
LdapModDnS
LdapRenameExtS
GetServerAndPort
LdapcSetStickyServer
AdsTypeToLdapTypeCopyConstruct
AdsTypeFreeAdsObjects
LdapTypeToAdsTypeCopyConstruct
LdapDeleteExtS
MapADSTypeToLDAPType
LdapTypeBinaryToString
MapLDAPTypeToADSType
ADsSetObjectAttributes
ADsGetObjectAttributes
ADsCreateDSObjectExt
SchemaGetPropertyInfoByIndex

wldap32

ord53
ord54
ord12

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee3f93d74d2f25a8af53713fdb7eff23

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-2-0

kernel32

activeds

adsldpc

wldap32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 15KB - Virtual size: 15KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 15KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB