Wldap32[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Wldap32.dll
Size

264KB
MD5

0a1a4114ce339372a28b73397d898b2d
SHA1

adbbe82c704da5f88b7809e7651a0b10fae017f1
SHA256

74e8442d6a22d238a0091f928f8a31ee0dccd14cc33c3cd0fe40a5a949572ee8
SHA512

2909e0eb88b073b798815c9a877dbe195cec0be5a448db229d24280869e96ab0e5eae1885cfecd2c0740e8a577b7525c05a52bae14bc2f3619dec873f6c307bf
SSDEEP

6144:YQm3kDfVovSsRzDABekbUx3YqLYXXR/QBssHyBi:neka3YqLYXX9QusHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wldap32.dll

Files

Wldap32.dll
.dll windows:6 windows x86 arch:x86

4403dd23327747c76b407c99f4537827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wldap32.pdb

Imports

msvcrt

_except_handler4_common
_wcsupr_s
memset
_itow
_vsnprintf
wcsrchr
memcpy
_amsg_exit
_initterm
free
malloc
_XcptFilter

ntdll

RtlIpv4StringToAddressW
EtwEventUnregister
EtwEventWrite
EtwEventRegister

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

kernel32

Sleep
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
GetModuleFileNameW
GetSystemDirectoryA
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapFree
HeapAlloc
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetTickCount
LocalFree
MultiByteToWideChar
InitializeCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareStringW
GetLastError
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedExchange
WideCharToMultiByte
GetCurrentThreadId
ResetEvent
FreeLibrary
GetProcAddress
CompareStringA
lstrcmpW
GetComputerNameW
TlsGetValue
GetVersionExA
GetVersion
TlsFree
HeapDestroy
GetProcessHeap
DeleteCriticalSection
TlsSetValue
CloseHandle
WaitForSingleObjectEx
InterlockedDecrement
CreateEventA
HeapCreate
SetLastError
TlsAlloc

Exports

Exports

LdapGetLastError
LdapMapErrorToWin32
LdapUTF8ToUnicode
LdapUnicodeToUTF8
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_first_element
ber_flatten
ber_free
ber_init
ber_next_element
ber_peek_tag
ber_printf
ber_scanf
ber_skip_tag
cldap_open
cldap_openA
cldap_openW
ldap_abandon
ldap_add
ldap_addA
ldap_addW
ldap_add_ext
ldap_add_extA
ldap_add_extW
ldap_add_ext_s
ldap_add_ext_sA
ldap_add_ext_sW
ldap_add_s
ldap_add_sA
ldap_add_sW
ldap_bind
ldap_bindA
ldap_bindW
ldap_bind_s
ldap_bind_sA
ldap_bind_sW
ldap_check_filterA
ldap_check_filterW
ldap_cleanup
ldap_close_extended_op
ldap_compare
ldap_compareA
ldap_compareW
ldap_compare_ext
ldap_compare_extA
ldap_compare_extW
ldap_compare_ext_s
ldap_compare_ext_sA
ldap_compare_ext_sW
ldap_compare_s
ldap_compare_sA
ldap_compare_sW
ldap_conn_from_msg
ldap_connect
ldap_control_free
ldap_control_freeA
ldap_control_freeW
ldap_controls_free
ldap_controls_freeA
ldap_controls_freeW
ldap_count_entries
ldap_count_references
ldap_count_values
ldap_count_valuesA
ldap_count_valuesW
ldap_count_values_len
ldap_create_page_control
ldap_create_page_controlA
ldap_create_page_controlW
ldap_create_sort_control
ldap_create_sort_controlA
ldap_create_sort_controlW
ldap_create_vlv_controlA
ldap_create_vlv_controlW
ldap_delete
ldap_deleteA
ldap_deleteW
ldap_delete_ext
ldap_delete_extA
ldap_delete_extW
ldap_delete_ext_s
ldap_delete_ext_sA
ldap_delete_ext_sW
ldap_delete_s
ldap_delete_sA
ldap_delete_sW
ldap_dn2ufn
ldap_dn2ufnA
ldap_dn2ufnW
ldap_encode_sort_controlA
ldap_encode_sort_controlW
ldap_err2string
ldap_err2stringA
ldap_err2stringW
ldap_escape_filter_element
ldap_escape_filter_elementA
ldap_escape_filter_elementW
ldap_explode_dn
ldap_explode_dnA
ldap_explode_dnW
ldap_extended_operation
ldap_extended_operationA
ldap_extended_operationW
ldap_extended_operation_sA
ldap_extended_operation_sW
ldap_first_attribute
ldap_first_attributeA
ldap_first_attributeW
ldap_first_entry
ldap_first_reference
ldap_free_controls
ldap_free_controlsA
ldap_free_controlsW
ldap_get_dn
ldap_get_dnA
ldap_get_dnW
ldap_get_next_page
ldap_get_next_page_s
ldap_get_option
ldap_get_optionA
ldap_get_optionW
ldap_get_paged_count
ldap_get_values
ldap_get_valuesA
ldap_get_valuesW
ldap_get_values_len
ldap_get_values_lenA
ldap_get_values_lenW
ldap_init
ldap_initA
ldap_initW
ldap_memfree
ldap_memfreeA
ldap_memfreeW
ldap_modify
ldap_modifyA
ldap_modifyW
ldap_modify_ext
ldap_modify_extA
ldap_modify_extW
ldap_modify_ext_s
ldap_modify_ext_sA
ldap_modify_ext_sW
ldap_modify_s
ldap_modify_sA
ldap_modify_sW
ldap_modrdn
ldap_modrdn2
ldap_modrdn2A
ldap_modrdn2W
ldap_modrdn2_s
ldap_modrdn2_sA
ldap_modrdn2_sW
ldap_modrdnA
ldap_modrdnW
ldap_modrdn_s
ldap_modrdn_sA
ldap_modrdn_sW
ldap_msgfree
ldap_next_attribute
ldap_next_attributeA
ldap_next_attributeW
ldap_next_entry
ldap_next_reference
ldap_open
ldap_openA
ldap_openW
ldap_parse_extended_resultA
ldap_parse_extended_resultW
ldap_parse_page_control
ldap_parse_page_controlA
ldap_parse_page_controlW
ldap_parse_reference
ldap_parse_referenceA
ldap_parse_referenceW
ldap_parse_result
ldap_parse_resultA
ldap_parse_resultW
ldap_parse_sort_control
ldap_parse_sort_controlA
ldap_parse_sort_controlW
ldap_parse_vlv_controlA
ldap_parse_vlv_controlW
ldap_perror
ldap_rename_ext
ldap_rename_extA
ldap_rename_extW
ldap_rename_ext_s
ldap_rename_ext_sA
ldap_rename_ext_sW
ldap_result
ldap_result2error
ldap_sasl_bindA
ldap_sasl_bindW
ldap_sasl_bind_sA
ldap_sasl_bind_sW
ldap_search
ldap_searchA
ldap_searchW
ldap_search_abandon_page
ldap_search_ext
ldap_search_extA
ldap_search_extW
ldap_search_ext_s
ldap_search_ext_sA
ldap_search_ext_sW
ldap_search_init_page
ldap_search_init_pageA
ldap_search_init_pageW
ldap_search_s
ldap_search_sA
ldap_search_sW
ldap_search_st
ldap_search_stA
ldap_search_stW
ldap_set_dbg_flags
ldap_set_dbg_routine
ldap_set_option
ldap_set_optionA
ldap_set_optionW
ldap_simple_bind
ldap_simple_bindA
ldap_simple_bindW
ldap_simple_bind_s
ldap_simple_bind_sA
ldap_simple_bind_sW
ldap_sslinit
ldap_sslinitA
ldap_sslinitW
ldap_start_tls_sA
ldap_start_tls_sW
ldap_startup
ldap_stop_tls_s
ldap_ufn2dn
ldap_ufn2dnA
ldap_ufn2dnW
ldap_unbind
ldap_unbind_s
ldap_value_free
ldap_value_freeA
ldap_value_freeW
ldap_value_free_len

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4403dd23327747c76b407c99f4537827

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 242KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 242KB - Virtual size: 242KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 12KB