dsprop[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsprop.dll
Size

168KB
MD5

2d4f4eaeba3edf8edc13fc888f2a7f6e
SHA1

56c3773daf4485ba09a34611783c312d082a6b9a
SHA256

de3df196c24fef0a8e30f23cf65c1159dea306b03e10a717871531afa6b3c41a
SHA512

96304643901e4b293fe5d532fab662169cabe4b7b7ba2fc77b424ff700216522b0c849104758ad02c20cde174fe04040bf49280e646ec6fbca0635408ac508be
SSDEEP

3072:KnE4r93ELPUpws93/MufLx5ko/Ox8w2TDggqGmRZ:KbGPOk8LHFxB3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsprop.dll

Files

dsprop.dll
.dll regsvr32 windows:6 windows x64 arch:x64

99d4d8d6bd026738590104cbf5fd8c42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsprop.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_onexit
??0exception@@QEAA@AEBQEBDH@Z
malloc
_purecall
memmove
iswspace
??1type_info@@UEAA@XZ
memset
memcpy
vswprintf_s
iswdigit
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
_vsnwprintf
_wtoi
wcspbrk
realloc
_wtol
wcsrchr
_endthreadex
_itow_s
_beginthreadex
free
wcschr
_wcsicmp
rand
time
srand
wcscat_s
swprintf_s
wcscpy_s
wcscmp

atl

ord30

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

GetProcAddress
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LocalFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
FormatMessageW
GetModuleHandleW
lstrlenW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalFree
LocalAlloc
CloseHandle
WaitForSingleObject
GetModuleFileNameW
LoadLibraryW
SetEvent
FreeLibraryAndExitThread
GetCurrentProcessId
CreateEventW
GlobalLock
GlobalUnlock
GetGeoInfoW
Sleep
EnumSystemGeoID
lstrlenA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter

advapi32

RegQueryValueExW
EqualSid
GetLengthSid
GetSidSubAuthorityCount
GetSidLengthRequired
RegCloseKey
IsValidSid
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW

user32

MessageBoxW
MessageBeep
RegisterWindowMessageW
SendMessageW
GetParent
EnableWindow
GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
GetDC
ReleaseDC
GetWindowLongPtrW
GetDesktopWindow
SetWindowTextW
InvalidateRect
CallWindowProcW
BeginPaint
EndPaint
IsWindow
SetForegroundWindow
LoadStringW
DispatchMessageW
GetClassNameW
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
PostMessageW
DefWindowProcW
SetWindowPos
DestroyWindow
PostQuitMessage
RegisterClassW
FindWindowW
GetClientRect
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
EndDialog
ShowWindow
LoadCursorW
SetCursor
RegisterClipboardFormatW
DestroyIcon
LoadIconW
IsDlgButtonChecked
GetDlgItemTextW
CheckDlgButton
DrawIcon
SetFocus
GetMessageW
CreateWindowExW
CreateDialogParamW
DialogBoxParamW
SetWindowLongPtrW

gdi32

DeleteObject
GetTextExtentPoint32W
CreatePalette
GetStockObject
SelectPalette
RealizePalette
SetDIBitsToDevice

ntdsapi

DsCrackNamesW
DsUnBindW
DsFreeNameResultW
DsBindW

shell32

ShellExecuteW
ord259
ord258

ole32

CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear

activeds

ord9
ord15
ord13
ord20

dsuiext

ord257
ord540
ord542

netutils

NetApiBufferFree

logoncli

DsGetDcNameW

iphlpapi

ParseNetworkString

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Exports

Exports

ADsPropCheckIfWritable
ADsPropCreateNotifyObj
ADsPropGetInitInfo
ADsPropSendErrorMessage
ADsPropSetHwnd
ADsPropSetHwndWithTitle
ADsPropShowErrorDialog
BringSheetToForeground
CheckADsError
CrackName
DSPROP_GetGCSearchOnDomain
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ErrMsg
ErrMsgParam
FindSheet
IsSheetAlreadyUp
MsgBox
PostADsPropSheet
ReportError
Smart_PADS_ATTR_INFO__Empty

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99d4d8d6bd026738590104cbf5fd8c42

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

kernel32

advapi32

user32

gdi32

ntdsapi

shell32

ole32

oleaut32

activeds

dsuiext

netutils

logoncli

iphlpapi

dsrole

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 1024B - Virtual size: 604B

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 1024B - Virtual size: 604B