TlsBrand[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

TlsBrand.dll
Size

134KB
MD5

35731f30c1f45f56251bdf861b935aec
SHA1

5d73a7f4fc0acb56f1c197ca1e85a85552eba9e8
SHA256

81a565a75541c8fcc294afb970f3c8d1cc4e9a517a1936962d86b4ca07c568b0
SHA512

eb5ea6de8b204bf1c9643e22c944cd72af5911335a3d82a25e5b3460edbc75f39b0f4f96d7f2290d1fbc856bbe3162935fc86557466b1ef9045861511537d699
SSDEEP

3072:Mp7y6w9fhho4qbfmOk3oaBYnNHyTOl7TjuEgPqijVRcWDiphN/zZETFQ9:Mp7y6w9fhho4qbfmKHyiHwqijhmprZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TlsBrand.dll

Files

TlsBrand.dll
.dll windows:10 windows x86 arch:x86

32456375f37b4d4faadb6d0a1c3c62cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TlsBrand.pdb

Imports

msvcrt

free
_onexit
_except_handler4_common
memcpy_s
_wcsicmp
?what@exception@@UBEPBDXZ
malloc
_callnewh
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
wcsstr
wcschr
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
memmove_s
_XcptFilter
_amsg_exit
_vsnwprintf
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
swscanf_s
_lock
_unlock
__dllonexit
wcstol
_purecall
wcstok
memset

winbrand

BrandingFormatString

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadStringW
GetModuleHandleExA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-1-0

GetTempFileNameW
DeleteFileW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

user32

GetSystemMetrics
UnregisterClassA

kernel32

LoadResource
FindResourceExW
LockResource
WriteFile
SizeofResource

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpConnect
WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpOpen

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapSize
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection

Exports

Exports

??0ICALDetails@@QAE@ABV0@@Z
??0ICALDetails@@QAE@XZ
??0ICALStringDetails@@QAE@ABV0@@Z
??0ICALStringDetails@@QAE@XZ
??0IRDSProductDetails@@QAE@ABV0@@Z
??0IRDSProductDetails@@QAE@XZ
??0IW2K3ADPUCALDetails@@QAE@ABV0@@Z
??0IW2K3ADPUCALDetails@@QAE@XZ
??0IWMICALDetails@@QAE@ABV0@@Z
??0IWMICALDetails@@QAE@XZ
??1ICALDetails@@UAE@XZ
??1ICALStringDetails@@UAE@XZ
??1IRDSProductDetails@@UAE@XZ
??1IW2K3ADPUCALDetails@@UAE@XZ
??1IWMICALDetails@@UAE@XZ
??4ICALDetails@@QAEAAV0@ABV0@@Z
??4ICALStringDetails@@QAEAAV0@ABV0@@Z
??4IRDSProductDetails@@QAEAAV0@ABV0@@Z
??4IW2K3ADPUCALDetails@@QAEAAV0@ABV0@@Z
??4IWMICALDetails@@QAEAAV0@ABV0@@Z
??_7ICALDetails@@6B@
??_7ICALStringDetails@@6B@
??_7IRDSProductDetails@@6B@
??_7IW2K3ADPUCALDetails@@6B@
??_7IWMICALDetails@@6B@
?GetAccessRights@IRDSProductDetails@@UAEJPAGPAK1@Z
?GetProductFromAccessRights@IRDSProductDetails@@UAEJKKPAPAG@Z
?IsTestHookValid@IRDSProductDetails@@UAEHPAK@Z
CALDetailsCreator
CALStringDetailsCreator
CRetailCALCreator
CWMICALDetailsCreator
CleanupRDLSConfig
GetRdlsSupportedFeatureMask
LicBrandFormatString
LoadRDLSConfig
RDSProductDetailsCreator
UpdateRDLSConfig
W2K3ADPUCALDetailsCreator
_GetCALVersion@4
_GetCALVersionStrings@8
_GetConversionVersionStrings@12
_RDSGetCALVersionString@12
_RDSGetCurrentVersion@0
_RDSGetOSVersionString@12
_RDSGetProductAccessRights@12

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32456375f37b4d4faadb6d0a1c3c62cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

winbrand

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

user32

kernel32

winhttp

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB