dot3api[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot3api.dll
Size

89KB
MD5

04b88428a872390d235be52d38a9d4ef
SHA1

429716cc3d32c6fa1563901d88cf905dfe7f433f
SHA256

f6954d514b67547738eb012456342d65289b0b18a0304bbad5bdaa3436181c77
SHA512

2ba653fb17b48e90a1193389f6761d1e54bab68fec51cda8d19ce7b83cd469af4068d81be55e851eab86f2990cf81b353228bc90fd2c387b2fa6d1928037a74f
SSDEEP

1536:i/fRGg1DRFFZujifVZLmiT8XPD9q+3m7axJ0QMJqX:iAg1HFZuOZL5T8/D127axJ0jJqX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dot3api.dll

Files

dot3api.dll
.dll windows:6 windows x86 arch:x86

e8af0479115973e3431500ca0f190ee6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dot3api.pdb

Imports

msvcrt

_XcptFilter
memcpy
memmove_s
memcpy_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common
_amsg_exit
_initterm
memset
??0exception@@QAE@ABV0@@Z
malloc
_callnewh
free
_beginthreadex
_endthreadex
??0exception@@QAE@XZ
__CxxFrameHandler3
_CxxThrowException

atl

ord32
ord21
ord16

ntdll

EtwTraceMessage
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread

rpcrt4

RpcAsyncCancelCall
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetOption
RpcMgmtInqServerPrincNameW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcSsDestroyClientContext
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcExceptionFilter
NdrAsyncClientCall
NdrClientCall2

eappcfg

EapHostPeerCredentialsXml2Blob
EapHostPeerFreeErrorMemory
EapHostPeerConfigXml2Blob
EapHostPeerFreeMemory

kernel32

InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
lstrcmpW
SetLastError
GetSystemWindowsDirectoryW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetTickCount
HeapAlloc
WaitForMultipleObjects
InterlockedCompareExchange
LoadLibraryExA
Sleep
CreateEventW
InitializeCriticalSection
GetLastError
WaitForSingleObject
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
SetEvent
CloseHandle
DeleteCriticalSection
RaiseException
HeapFree
DelayLoadFailureHook
GetProcAddress
FreeLibrary
GetProcessHeap

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

Exports

Exports

Dot3CancelPlap
Dot3CloseHandle
Dot3DeinitPlapParams
Dot3DeleteProfile
Dot3DoPlap
Dot3EnumInterfaces
Dot3FreeMemory
Dot3GetCurrentProfile
Dot3GetInterfaceState
Dot3GetProfile
Dot3GetProfileEapUserDataInfo
Dot3InitPlapParams
Dot3OpenHandle
Dot3QueryAutoConfigParameter
Dot3QueryPlapCredentials
Dot3QueryUIRequest
Dot3ReConnect
Dot3ReasonCodeToString
Dot3RegisterNotification
Dot3SetAutoConfigParameter
Dot3SetInterface
Dot3SetProfile
Dot3SetProfileEapUserData
Dot3SetProfileEapXmlUserData
Dot3UIResponse
QueryNetconStatus

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8af0479115973e3431500ca0f190ee6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

api-ms-win-core-processthreads-l1-1-0

rpcrt4

eappcfg

kernel32

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB