AppManagementConfiguration[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppManagementConfiguration.dll
Size

126KB
MD5

551a739a3cb16579cd1aaf341e584896
SHA1

8ab05aa3a6801597bfc335757dc6f981f5fd8df2
SHA256

aeccbdfad0deb67433583feebd2110f06afc74de7801f7e860cba9a026a62d36
SHA512

0f92016d2b63decda1f188f5cc44f01bdc824ef0aef49846dab69ba1b093360aee9d9d96cb10a8f10f9c2d0100575f050374ca35c98873c907fc058e3c03c0e6
SSDEEP

3072:4q+HnITbnIIeenx4EI6ws/IyAvkq5yLVFRzEngOcqBPrT0oH8t046VCHMpiYof2a:dmYZT0BPrT7ct0FwHMpiLYK/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppManagementConfiguration.dll

Files

AppManagementConfiguration.dll
.dll windows:10 windows x86 arch:x86

b7a4df7164b0d968a87e57f5e1ed9b8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppManagementConfiguration.pdb

Imports

msvcrt

??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
memmove
memcpy
_CxxThrowException
_initterm
??0exception@@QAE@ABQBD@Z
_callnewh
??_V@YAXPAX@Z
malloc
__CxxFrameHandler3
_vsnprintf_s
_XcptFilter
_amsg_exit
?what@exception@@UBEPBDXZ
free
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
??0exception@@QAE@ABQBDH@Z
memset

kernel32

GetTickCount
FreeLibrary
LocalFree
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
EncodePointer
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
DisableThreadLibraryCalls
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
ReleaseSRWLockShared
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ProcessAppVPolicy
ProcessUevPolicy

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7a4df7164b0d968a87e57f5e1ed9b8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

ole32

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-1-0

oleaut32

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 110KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 111KB - Virtual size: 110KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB