adsnt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adsnt.dll
Size

346KB
MD5

185a689b0c24dfbae423611c437a6787
SHA1

3085e6e22cb5f374ef8e50ab876478068931c684
SHA256

0a4a3488848b1173508f448ea39c0a80b00f3cb17ceb276ad131b40f8f192e2a
SHA512

cf7a9d40c552724772e33a520c8623434bfbe113f2b2e43625f0f80fb417ee7fb76e276e7bbf69adf2a9f108c4d36b75a7c4c1845dec62211c8126400da52afc
SSDEEP

6144:4CMFxfIHRQOfSaqZRP/lVlR5e9w8ElGwc4y:QFxfjOfSvZt/lV35eW8EIwc4y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adsnt.dll

Files

adsnt.dll
.dll windows:6 windows x64 arch:x64

8b36d78fcc03ea9a3a598e7be2b43ec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsnt.pdb

Imports

msvcrt

_CxxThrowException
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_wcsnicmp
wcsncat_s
swprintf_s
wcschr
_ltow
_wtol
_itow_s
_purecall
wcscat_s
_wcsicmp
wcscpy_s
wcsncpy_s
wcscmp

ntdll

RtlSecondsSince1970ToTime
RtlRunDecodeUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRunEncodeUnicodeString
RtlTimeToSecondsSince1970
RtlInitUnicodeString

api-ms-win-service-management-l1-1-0

StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-2-0

ControlService
QueryServiceStatus

advapi32

GetUserNameW
EnumServicesStatusW
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

activeds

ord7
ord16
ord21
ord23
ord22
ord17
ord18
ord14
ord15

ole32

CoTaskMemFree
CreatePointerMoniker
StringFromGUID2
CoCreateInstance
CLSIDFromString
StringFromCLSID
IIDFromString

winspool.drv

GetJobW
DeletePrinter
EnumPrintersW
EnumJobsW
GetPrinterW
SetJobW
SetPrinterW
OpenPrinterW
AddPrinterW
ClosePrinter

oleaut32

SafeArrayUnaccessData
CreateErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
DosDateTimeToVariantTime
VariantTimeToDosDateTime
SafeArrayAccessData
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
DispGetIDsOfNames
SetErrorInfo
DispInvoke
LoadRegTypeLi
VariantCopy
SysFreeString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy

netutils

NetpwNameCompare
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

browcli

NetServerEnum

logoncli

NetGetAnyDCName
NetGetDCName

samcli

NetLocalGroupGetMembers
NetGroupDel
NetLocalGroupDel
NetGroupGetUsers
NetUserDel
NetGroupAdd
NetLocalGroupGetInfo
NetLocalGroupDelMembers
NetGroupDelUser
NetLocalGroupAddMembers
NetGroupAddUser
NetUserGetLocalGroups
NetGroupGetInfo
NetUserGetGroups
NetUserChangePassword
NetUserAdd
NetGroupSetInfo
NetLocalGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetQueryDisplayInformation
NetUserModalsSet
NetUserModalsGet
NetGroupEnum
NetLocalGroupEnum
NetLocalGroupAdd

srvcli

NetServerGetInfo
NetSessionGetInfo
NetSessionDel
NetSessionEnum
NetShareGetInfo
NetFileEnum
NetFileGetInfo
NetShareEnum
NetShareSetInfo
NetShareAdd
NetShareDel
NetServerSetInfo

wkscli

NetWkstaUserGetInfo
NetUseGetInfo
NetWkstaGetInfo

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageW
FileTimeToDosDateTime
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
GetComputerNameW
FreeLibrary
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
GetTickCount
CompareStringOrdinal
SystemTimeToFileTime
GetSystemTime
SetLastError
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b36d78fcc03ea9a3a598e7be2b43ec2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-2-0

advapi32

activeds

ole32

winspool.drv

oleaut32

netutils

dsrole

browcli

logoncli

samcli

srvcli

wkscli

mpr

kernel32

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 279KB

.data Size: 35KB - Virtual size: 35KB

.pdata Size: 16KB - Virtual size: 15KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 279KB - Virtual size: 279KB

.data
Size: 35KB - Virtual size: 35KB

.pdata
Size: 16KB - Virtual size: 15KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB