adsldpc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
adsldpc.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
adsldpc.dll
Resource
win10v2004-20240508-en
General
Target: adsldpc.dll
Size: 245KB
MD5: 0c817deff7f2159524f9125fe0180b90
SHA1: 4b523f2925174c85bc31ce4a6d4e0b9b9a26f650
SHA256: 0a0987422a05589fb6bd238472c943e79f3899d40097cd56bd4199a7442de3ed
SHA512: d2be21fa96603dc8e1a9a9a624575ad65609272ae5a1124cbb976ff26006f2da01971b442cf2ad9591809cd17099efc16b560fc6d19e3574b91c1c519350d3e1
SSDEEP: 3072:J5paETVnUJgBanD/NykHFUMlbFT1QdIMNLkOv5LwE1LHxyvIFWjUpaK3do:JquVUJgBVkWQ+5LwED3d
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource adsldpc.dll
Files
adsldpc.dll.dll windows:6 windows x64 arch:x64
0618ca6e12d3be7e3b405246a2e46c34
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memcpy
memset
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wcsnicmp
wcsstr
bsearch
qsort
wcsncat_s
iswdigit
swprintf_s
_itow_s
_wtoi
wcsrchr
wcstoul
swscanf_s
_wtol
_wcsicmp
memcpy_s
wcschr
wcscat_s
wcsncpy_s
wcscpy_s
wcscmp
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWrite
EtwEventUnregister
EtwEventRegister
RtlIdentifierAuthoritySid
wldap32
ord54
ord14
ord94
ord300
ord311
ord301
ord304
ord310
ord309
ord219
ord146
ord88
ord216
ord73
ord13
ord208
ord210
ord36
ord190
ord157
ord155
ord165
ord188
ord161
ord69
ord65
ord113
ord111
ord85
ord10
ord40
ord179
ord147
ord26
ord27
ord127
ord167
ord140
ord97
ord142
ord77
ord224
ord79
ord133
ord18
ord203
ord194
ord206
ord134
ord135
ord138
ord191
ord116
ord100
ord173
ord319
ord321
ord91
ord29
ord53
ord16
ord12
ord120
ord145
ord41
kernel32
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcessId
CompareFileTime
lstrlenW
ExpandEnvironmentStringsW
DeleteFileW
WriteFile
CreateFileW
ReadFile
GetFileSize
CreateDirectoryW
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTickCount
MultiByteToWideChar
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
CompareStringOrdinal
CloseHandle
GetCurrentProcess
GetCurrentThread
GetProcAddress
SetLastError
GetLastError
LoadLibraryW
GetSystemDirectoryW
ResolveDelayLoadedAPI
DelayLoadFailureHook
RaiseException
GetSystemTimeAsFileTime
LeaveCriticalSection
LocalFree
LocalAlloc
GetCurrentThreadId
EnterCriticalSection
Exports
??0CLexer@@QEAA@XZ
??1CLexer@@QEAA@XZ
?GetNextToken@CLexer@@QEAAJPEAGPEAK@Z
?InitializePath@CLexer@@QEAAJPEAG@Z
?SetAtDisabler@CLexer@@QEAAXH@Z
?SetExclaimnationDisabler@CLexer@@QEAAXH@Z
?SetFSlashDisabler@CLexer@@QEAAXH@Z
ADSIAbandonSearch
ADSICloseDSObject
ADSICloseSearchHandle
ADSICreateDSObject
ADSIDeleteDSObject
ADSIExecuteSearch
ADSIFreeColumn
ADSIGetColumn
ADSIGetFirstRow
ADSIGetNextColumnName
ADSIGetNextRow
ADSIGetObjectAttributes
ADSIGetPreviousRow
ADSIModifyRdn
ADSIOpenDSObject
ADSIPrint
ADSISetObjectAttributes
ADSISetSearchPreference
ADsAbandonSearch
ADsCloseSearchHandle
ADsCreateAttributeDefinition
ADsCreateClassDefinition
ADsCreateDSObject
ADsCreateDSObjectExt
ADsDecodeBinaryData
ADsDeleteAttributeDefinition
ADsDeleteClassDefinition
ADsDeleteDSObject
ADsEncodeBinaryData
ADsEnumAttributes
ADsEnumClasses
ADsExecuteSearch
ADsFreeColumn
ADsGetColumn
ADsGetFirstRow
ADsGetLastError
ADsGetNextColumnName
ADsGetNextRow
ADsGetObjectAttributes
ADsGetPreviousRow
ADsHelperGetCurrentRowMessage
ADsObject
ADsSetLastError
ADsSetObjectAttributes
ADsSetSearchPreference
ADsWriteAttributeDefinition
ADsWriteClassDefinition
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyTime
AllocADsMem
AllocADsStr
BerBvFree
BerEncodingQuotaControl
BuildADsParentPath
BuildADsParentPathFromObjectInfo
BuildADsParentPathFromObjectInfo2
BuildADsPathFromLDAPPath
BuildADsPathFromLDAPPath2
BuildADsPathFromParent
BuildLDAPPathFromADsPath
BuildLDAPPathFromADsPath2
ChangeSeparator
Component
ConvertSidToString
ConvertSidToU2Trustee
ConvertU2TrusteeToSid
FindEntryInSearchTable
FindSearchTableIndex
FreeADsMem
FreeADsStr
FreeObjectInfo
GetDefaultServer
GetDisplayName
GetDomainDNSNameForDomain
GetLDAPTypeName
GetServerAndPort
GetSyntaxOfAttribute
InitObjectInfo
IsGCNamespace
LdapAddExtS
LdapAddS
LdapAttributeFree
LdapCacheAddRef
LdapCloseObject
LdapCompareExt
LdapControlFree
LdapControlsFree
LdapCountEntries
LdapCrackUserDNtoNTLMUser2
LdapCreatePageControl
LdapDeleteExtS
LdapDeleteS
LdapFirstAttribute
LdapFirstEntry
LdapGetDn
LdapGetNextPageS
LdapGetSchemaObjectCount
LdapGetSubSchemaSubEntryPath
LdapGetSyntaxIdOfAttribute
LdapGetSyntaxOfAttributeOnServer
LdapGetValues
LdapGetValuesLen
LdapInitializeSearchPreferences
LdapIsClassNameValidOnServer
LdapMakeSchemaCacheObsolete
LdapMemFree
LdapModDnS
LdapModifyExtS
LdapModifyS
LdapMsgFree
LdapNextAttribute
LdapNextEntry
LdapOpenObject
LdapOpenObject2
LdapParsePageControl
LdapParseResult
LdapReadAttribute
LdapReadAttribute2
LdapReadAttributeFast
LdapRenameExtS
LdapResult
LdapSearch
LdapSearchAbandonPage
LdapSearchExtS
LdapSearchInitPage
LdapSearchS
LdapSearchST
LdapTypeBinaryToString
LdapTypeCopyConstruct
LdapTypeFreeLdapModList
LdapTypeFreeLdapModObject
LdapTypeFreeLdapObjects
LdapTypeToAdsTypeCopyConstruct
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeUTCTime
LdapValueFree
LdapValueFreeLen
LdapcKeepHandleAround
LdapcSetStickyServer
MapADSTypeToLDAPType
MapLDAPTypeToADSType
PathName
ReadPagingSupportedAttr
ReadSecurityDescriptorControlType
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
ReallocADsMem
ReallocADsStr
SchemaAddRef
SchemaClose
SchemaGetClassInfo
SchemaGetClassInfoByIndex
SchemaGetObjectCount
SchemaGetPropertyInfo
SchemaGetPropertyInfoByIndex
SchemaGetStringsFromStringTable
SchemaGetSyntaxOfAttribute
SchemaIsClassAContainer
SchemaOpen
SortAndRemoveDuplicateOIDs
UnMarshallLDAPToLDAPSynID
intcmp
Sections
.text Size: 221KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ