authfwcfg.pdb

Static task: static1
Behavioral task: behavioral1 (sample: authfwcfg.dll, resource: win7-20240508-en)
Behavioral task: behavioral2 (sample: authfwcfg.dll, resource: win10v2004-20240426-en)
General
Target: authfwcfg.dll
Size: 326KB
MD5: 7b3a07bb31ad831c4f66b08ecead2209
SHA1: 0f91c07591a1bc97cdc9df2949f8b7536eaec232
SHA256: e1c0d1eaaa4be1bd84eb5adfa5856d7697e94978583d959d5b147fc202d031ef
SHA512: 4915977aa43d3c39d3905278d42d753bef7e8a766b70a2cf535e7f88389b843d2fef90194bb247676bda5cb6c5f63039127590f682f8b51a4eb1819cbab96770
SSDEEP: 6144:lz3MnfgmR2+CeMwNpkPxt50lkMZXUF8nL:lz3H9EpgtSlkMxo8L
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: authfwcfg.dll

Files
authfwcfg.dll.dll  windows:6 windows x86 arch:x86  f90a85f4c4ea44de82298ebbe2b81171
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt: ??0exception@@QAE@ABV0@@Z, ??1exception@@UAE@XZ, __CxxFrameHandler3, _CxxThrowException, _wcsicmp, ??0exception@@QAE@XZ, memcpy, wcscpy_s, _except_handler4_common, _onexit, _lock, __dllonexit, _unlock, ?terminate@@YAXXZ, ?what@exception@@UBEPBDXZ, _amsg_exit, _initterm, memcpy_s, isalnum, isdigit, abort, isspace, tolower, setlocale, __mb_cur_max, __crtLCMapStringW, __crtGetStringTypeW, ___mb_cur_max_func, _errno, ___lc_handle_func, ___lc_codepage_func, __pctype_func, _callnewh, ??0exception@@QAE@ABQBD@Z, _XcptFilter, memmove_s, ??1type_info@@UAE@XZ, wcstoul, wcstok_s, _vsnwprintf, free, _vsnprintf, malloc, ??0bad_cast@@QAE@ABV0@@Z, ??1bad_cast@@UAE@XZ, localeconv, _wcsnicmp, iswdigit, _strtoui64, _strtoi64, memchr, _itow, memset
ntdll: EtwTraceMessage, WinSqmAddToStream, RtlIpv4StringToAddressW, RtlIpv6StringToAddressW, RtlIpv4AddressToStringW, RtlIpv6AddressToStringW
kernel32: GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, QueryPerformanceCounter, OutputDebugStringA, InterlockedCompareExchange, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, InterlockedExchange, Sleep, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, GetVersionExW, GetComputerNameExW, GetDateFormatW, GetTimeFormatW, CompareStringW, ExpandEnvironmentStringsW, SetLastError, GetProcessHeap, HeapAlloc, HeapFree, DisableThreadLibraryCalls, FreeLibrary, LoadLibraryExW, GetLastError
advapi32: TraceMessage, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, GetTraceEnableFlags
netsh.exe: PrintMessageFromModule, PrintError, PrintMessage, MatchTagsInCmdLine, RegisterContext, MatchToken, RegisterHelper
user32: LoadStringW
ole32: CoInitializeEx, StringFromGUID2, CoCreateGuid, CoCreateInstance, CoUninitialize
oleaut32: VariantInit, SysAllocString, VariantClear, SysFreeString
bcrypt: BCryptGetFipsAlgorithmMode
ws2_32: htonl
firewallapi: FWFreeAuthenticationSet, FwFreeAddresses, FWExportPolicy, FWImportPolicy, FWSetConfig, FWClosePolicyStore, FWSetFirewallRule, FWVerifyConnectionSecurityRule, FWVerifyAuthenticationSet, FwPortsToBstr, FwBstrToPorts, FWEnumConnectionSecurityRules, FWCopyConnectionSecurityRule, FWFreeConnectionSecurityRules, FWEnumFirewallRules, FWCopyFirewallRule, FWFreeFirewallRules, FWEnumAuthenticationSets, FWFreeAuthenticationSets, FWCopyAuthenticationSet, FWFreeCryptoSets, FWCopyCryptoSet, FwStringToAddresses, FWFreeConnectionSecurityRule, FWEnumPhase2SAs, FWEnumPhase1SAs, FWGetGlobalConfig, FWOpenPolicyStore, FWStatusMessageFromStatusCode, FWDeletePhase1SAs, FWDeletePhase2SAs, FWFreePhase1SAs, FWFreePhase2SAs, FWVerifyFirewallRule, FWDeleteFirewallRule, FWAddFirewallRule, FWSetMainModeRule, FWVerifyMainModeRule, FWDeleteMainModeRule, FWEnumMainModeRules, FWFreeMainModeRules, FWSetCryptoSet, FwCopyPortsContents, FwCopyWFAddressesContents, FWSetConnectionSecurityRule, FwGetAddressesAsString, FWRestoreGPODefaults, FWAddMainModeRule, FWSetGlobalConfig, FwIsRemoteManagementEnabled, FWFreeCryptoSet, FWGetConfig, FwAlloc, FWEnumProducts, FWFreeProducts, FWVerifyCryptoSet, FWDeleteConnectionSecurityRule, FwFree, FWRestoreDefaults, FWAddConnectionSecurityRule, FWAddAuthenticationSet, FWAddCryptoSet, FWEnumCryptoSets, FWDeleteCryptoSet, FWFreeFirewallRule, FWDeleteAuthenticationSet
winipsec: ord22, ord61
shlwapi: ord487
Exports
GetResourceString, InitHelperDll
Sections
.text   Size: 300KB  Virtual size: 299KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 2KB    Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 21KB   Virtual size: 21KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ