adsnt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adsnt.dll
Size

259KB
MD5

c5c63ff50375cee24132051f090c55bb
SHA1

4f3c11df9beae33e2da7a003869c31f3c79a2b5c
SHA256

40536d97cd231a42aeec6116cf29377e7d3ef79b7b4d1e113568703ac459dd04
SHA512

3434645c7f79f6bd3c3e825243d56e934a8953555039901f8a5c141cba5611d51c055b08cc3ed6d050245266d964fc8615ee7f308abff31b91df05d3fcfd1b3a
SSDEEP

6144:XdI5LJpQMFm8tRgCGYBn5BeEjhRBVxGSd/JZpLIs0G:XdI5LJpQMf/TBnOEjd/GIBB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adsnt.dll

Files

adsnt.dll
.dll windows:6 windows x86 arch:x86

705239c6cc389d1bdb0cbf20c94d7e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsnt.pdb

Imports

msvcrt

wcsncpy_s
_CxxThrowException
_ftol2
memcmp
memcpy
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_wcsnicmp
wcsncat_s
swprintf_s
wcschr
_ltow
_wtol
_itow_s
_purecall
wcscat_s
_wcsicmp
wcscpy_s
memset

ntdll

RtlSecondsSince1970ToTime
RtlRunDecodeUnicodeString
RtlInitUnicodeString
RtlRunEncodeUnicodeString
RtlTimeToSecondsSince1970

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW
DeleteService
CreateServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus
ControlService

advapi32

EnumServicesStatusW
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
GetUserNameW

activeds

ord16
ord21
ord23
ord22
ord17
ord18
ord14
ord15
ord7

ole32

StringFromCLSID
CoTaskMemFree
CreatePointerMoniker
CoCreateInstance
CLSIDFromString
IIDFromString
StringFromGUID2

winspool.drv

GetJobW
DeletePrinter
EnumPrintersW
EnumJobsW
GetPrinterW
SetPrinterW
OpenPrinterW
ClosePrinter
AddPrinterW
SetJobW

oleaut32

VariantTimeToDosDateTime
DosDateTimeToVariantTime
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnaccessData
SafeArrayAccessData
CreateErrorInfo
SysAllocString
VariantInit
VariantClear
DispGetIDsOfNames
SetErrorInfo
DispInvoke
LoadRegTypeLi
VariantCopy
SysFreeString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound

netutils

NetpwNameCompare
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

browcli

NetServerEnum

logoncli

NetGetDCName
NetGetAnyDCName

samcli

NetGroupEnum
NetGroupGetUsers
NetLocalGroupGetMembers
NetLocalGroupEnum
NetLocalGroupDel
NetLocalGroupAdd
NetUserDel
NetGroupAdd
NetLocalGroupGetInfo
NetLocalGroupDelMembers
NetGroupDelUser
NetLocalGroupAddMembers
NetGroupAddUser
NetUserGetLocalGroups
NetGroupGetInfo
NetUserGetGroups
NetUserChangePassword
NetUserAdd
NetGroupSetInfo
NetLocalGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetQueryDisplayInformation
NetUserModalsSet
NetUserModalsGet
NetGroupDel

srvcli

NetServerGetInfo
NetServerSetInfo
NetSessionGetInfo
NetSessionDel
NetSessionEnum
NetShareDel
NetShareAdd
NetShareSetInfo
NetShareGetInfo
NetFileEnum
NetFileGetInfo
NetShareEnum

wkscli

NetWkstaUserGetInfo
NetWkstaGetInfo
NetUseGetInfo

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
LocalFileTimeToFileTime
ResolveDelayLoadedAPI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
FileTimeToDosDateTime
DosDateTimeToFileTime
DelayLoadFailureHook
SystemTimeToTzSpecificLocalTime
GetComputerNameW
FreeLibrary
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
GetTickCount
CompareStringOrdinal
SystemTimeToFileTime
SetLastError
GetSystemTime
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

705239c6cc389d1bdb0cbf20c94d7e61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-2-0

advapi32

activeds

ole32

winspool.drv

oleaut32

netutils

dsrole

browcli

logoncli

samcli

srvcli

wkscli

mpr

kernel32

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 207KB

.data Size: 31KB - Virtual size: 30KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 207KB - Virtual size: 207KB

.data
Size: 31KB - Virtual size: 30KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB