activeds[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

activeds.dll
Size

272KB
MD5

235a9cb1d7e11bd58a95e0f6a74f77aa
SHA1

98de72d9c7f3f0a6716f07d5c9db2862338d3add
SHA256

e9a6a3c3f8fcead8f11a7b0e351022219178197ad0dc84ef3f91e9e34d478a26
SHA512

27f31db7b2741d0dc853f121bbcbf99f59ccf4a2d8edf025fed2beb36ecff5cc5d8f67bd9ae5fc94ac689c6d7a8de363c0e4ea531f10fc14d397aeecd33a72f0
SSDEEP

6144:Fgfo82azrkv1wza/jCrRXfSE6oo9Fx/U+e4Q:H8BzrIwza/sRXfko0x/vJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
activeds.dll

Files

activeds.dll
.dll windows:6 windows x64 arch:x64

b8c24130f111f72dadb65e3c15eb2681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

activeds.pdb

Imports

adsldpc

FreeADsStr
ReallocADsMem
ADsSetLastError
ADsGetLastError
GetDomainDNSNameForDomain
AllocADsStr
ConvertU2TrusteeToSid
ConvertSidToU2Trustee
ConvertSidToString
LdapCrackUserDNtoNTLMUser2
AllocADsMem
GetServerAndPort
FreeADsMem

msvcrt

_snwprintf_s
memset
memcpy
memcmp
__CxxFrameHandler3
wcscpy_s
_wcsicmp
_wcsnicmp
wcschr
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
swscanf_s
wcscmp
memcpy_s
malloc
free
swprintf_s
wcsncpy_s
iswspace
wcscat_s
wcstok

ntdll

RtlFirstFreeAce
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
DeleteCriticalSection
Sleep
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

IsValidSid
GetLengthSid
CreateWellKnownSid
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AddAce
GetAclInformation
AdjustTokenPrivileges
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetFileSecurityW
ImpersonateSelf
RevertToSelf
ImpersonateLoggedOnUser
GetSidIdentifierAuthority
SetSecurityDescriptorSacl
GetAce

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-1

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

kernel32

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

ADsBuildEnumerator
ADsBuildVarArrayInt
ADsBuildVarArrayStr
ADsDecodeBinaryData
ADsEncodeBinaryData
ADsEnumerateNext
ADsFreeEnumerator
ADsGetLastError
ADsGetObject
ADsOpenObject
ADsSetLastError
AdsFreeAdsValues
AdsTypeToPropVariant
AdsTypeToPropVariant2
AllocADsMem
AllocADsStr
BinarySDToSecurityDescriptor
ConvertSecDescriptorToVariant
ConvertSecurityDescriptorToSecDes
ConvertTrusteeToSid
DllCanUnloadNow
DllGetClassObject
FreeADsMem
FreeADsStr
PropVariantToAdsType
PropVariantToAdsType2
ReallocADsMem
ReallocADsStr
SecurityDescriptorToBinarySD

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c24130f111f72dadb65e3c15eb2681

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

adsldpc

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

kernel32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 227KB

.data Size: 25KB - Virtual size: 25KB

.pdata Size: 8KB - Virtual size: 8KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 472B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 228KB - Virtual size: 227KB

.data
Size: 25KB - Virtual size: 25KB

.pdata
Size: 8KB - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 472B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB