authfwcfg.pdb
Static task
static1
Behavioral task
behavioral1
Sample
authfwcfg.dll
Resource
win10v2004-20240426-en
General
Target
authfwcfg.dll
Size
364KB
MD5
c4aab8fd782896e0c2422333ec164feb
SHA1
7969785d934c18ac9dbf17e2bbfbf6978896607d
SHA256
8c8a0c5b93549c6f942c66ed5b1d3b77a279e6544fb75766b318dd185cf84699
SHA512
0cc8dda86d21ac60069229fa48a7552a70583b833367b513ebfe80d0f4d8714f9eb05852b15a019e65e6dfe9fa55f6a3de47d622ff3b1360e626b1024135e550
SSDEEP
6144:AvF/VddhnbC0RF5cP0L38YHeChnjGsk/ZEAtAMOO9HGsO7IJGJQn2++o:AvF/XmucP0RvGOO9HGsLQJ42+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource authfwcfg.dll
Files
authfwcfg.dll.dll windows:10 windows x86 arch:x86
a796a1b746a9874af9a786f7e71d6eea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcstok_s
??3@YAXPAX@Z
wcscpy_s
_wcsicmp
_purecall
_vsnwprintf
?what@exception@@UBEPBDXZ
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
abort
_wsetlocale
__crtLCMapStringW
_wcsdup
memchr
tolower
isspace
__uncaught_exception
_unlock
_lock
setlocale
calloc
__pctype_func
memset
_ismbblead
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
_callnewh
localeconv
ldexp
_wcsnicmp
??_V@YAXPAX@Z
_itow_s
iswdigit
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
malloc
_vsnprintf
__CxxFrameHandler3
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadStringW
bcrypt
BCryptGetFipsAlgorithmMode
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocString
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
ntdll
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
WinSqmAddToStream
ws2_32
htonl
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
netsh.exe
RegisterContext
RegisterHelper
PrintMessageFromModule
PrintError
PrintMessage
MatchTagsInCmdLine
MatchToken
fwpolicyiomgr
FwCopyPortsContents
firewallapi
FWFreeCryptoSet
FWRestoreGPODefaults
FWRestoreDefaults
FWExportPolicy
FWImportPolicy
FWClosePolicyStore
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FwStringToAddresses
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWSetConfig
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetFirewallRule
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
GetResourceString
InitHelperDll
Sections
.text Size: 329KB - Virtual size: 328KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ