appmgmts[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

appmgmts.dll
Size

183KB
MD5

1a8ea3500576dd4b43e9318f10709e0e
SHA1

a69f060adb4e630ff80d21ebd0264a171e9910e7
SHA256

85f8581c319de241b223366f08a5f9301858da9da1a0caa10ed387a2b99ec216
SHA512

6a0e5e4b9bb3aa3d1aa6bbc3d5c5d83421b53de8283209b6499ca15a3796a1774160d75b054c2dae08299f71b967196685cb56e4f07efb4fc58a944671c7d6dd
SSDEEP

3072:GovdOI7076HfC3jCuQHnRwERZsMMFBtjJGtvPpd8t+ESsU3RS:FlOI4GHGj+RwEc/FjgvhdZf3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appmgmts.dll

Files

appmgmts.dll
.dll windows:6 windows x64 arch:x64

716912e5bba3edbf2e0aec05be6831e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appmgmts.pdb

Imports

msvcrt

_unlock
__dllonexit
_onexit
memcpy
_lock
__C_specific_handler
_initterm
__CxxFrameHandler3
malloc
free
_amsg_exit
_XcptFilter
swscanf
_wcsicmp
wcstoul
_wcsnicmp
_wcslwr
wcsncmp
wcsrchr
_purecall
wcschr
_vsnwprintf
memset

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAdjustPrivilege
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlUnicodeStringToInteger

kernel32

SetEvent
GetSystemDefaultLangID
DisableThreadLibraryCalls
lstrlenW
CreateFileW
SetEndOfFile
WriteFile
InitializeCriticalSection
DeleteCriticalSection
GetSystemInfo
GetComputerNameW
GetFileAttributesW
CreateDirectoryW
ResetEvent
FindNextFileW
GetSystemDirectoryW
CompareStringW
MoveFileExW
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
FreeLibraryAndExitThread
ReadFileEx
WaitForSingleObjectEx
GetCurrentProcess
GetModuleHandleExW
SetFilePointer
OutputDebugStringW
FormatMessageW
MoveFileW
GetLocalTime
GetFileAttributesExW
GetCurrentThreadId
GetCurrentProcessId
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFullPathNameW
RemoveDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
ReadFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetTickCount
DebugBreak
CopyFileW
GetSystemTime
lstrcmpW
FindClose
FindFirstFileW
FileTimeToSystemTime
CompareFileTime
WaitForSingleObject
WaitForMultipleObjects
CreateThread
CreateEventW
DeleteFileW
LocalFree
LocalAlloc
lstrcmpiW
CloseHandle
GetLastError
GetCurrentThread
InitializeCriticalSectionAndSpinCount
SetFileAttributesW

userenv

GetAppliedGPOListW
ForceSyncFgPolicy
RsopSetPolicySettingStatus
RsopAccessCheckByType
EnterCriticalPolicySection
LeaveCriticalPolicySection
RsopResetPolicySettingStatus
FreeGPOListW

advapi32

ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegEnumKeyExW
EqualSid
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
CloseEventLog
ReportEventW
OpenEventLogW
CopySid
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSidToSidW
CheckTokenMembership
DuplicateTokenEx
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RevertToSelf
RegOpenCurrentUser
OpenThreadToken
SetServiceStatus
DuplicateToken
GetUserNameW
AddAccessAllowedAce
GetAce
SetFileSecurityW
DeleteAce
RegEnumKeyW
FreeSid

rpcrt4

NdrServerCall2
UuidFromStringW
RpcServerInterfaceGroupCreateW
NdrServerCallAll
RpcServerInterfaceGroupClose
RpcRaiseException
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcImpersonateClient
UuidCreate
RpcServerInterfaceGroupActivate

adsldpc

BuildADsPathFromParent
ADSISetSearchPreference
ADSICloseDSObject
ADsEncodeBinaryData
ADSIGetObjectAttributes
ADSICloseSearchHandle
ADSISetObjectAttributes
ADSIGetFirstRow
ADSIGetNextRow
ADSIFreeColumn
ADSICreateDSObject
ADSIDeleteDSObject
ADSIGetColumn
ADSIOpenDSObject
FreeADsMem
BuildADsParentPath
ADSIExecuteSearch

oleaut32

SysStringLen
SysFreeString
SysAllocString
VariantInit
SafeArrayPutElement
SafeArrayCreate
VariantClear

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

CsCreateClassStore
CsEnumApps
CsGetAppCategories
CsGetClassAccess
CsGetClassStore
CsGetClassStorePath
CsRegisterAppCategory
CsServerGetClassStore
CsSetOptions
CsUnregisterAppCategory
DllCanUnloadNow
DllGetClassObject
GenerateGroupPolicy
IID_IClassAdmin
ProcessGroupPolicyObjectsEx
ReleaseAppCategoryInfoList
ReleasePackageDetail
ReleasePackageInfo
ServiceMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

716912e5bba3edbf2e0aec05be6831e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

userenv

advapi32

rpcrt4

adsldpc

oleaut32

ole32

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 166KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 756B

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 756B