dot3cfg[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot3cfg.dll
Size

80KB
MD5

b06b2fec249f48c4e7f628b689859ac7
SHA1

233793f6612f4786c57b36f7b9efc010f9a8bc33
SHA256

dc73bf7c723841fe179fc91c05afcc8d633c839329c04da3e9df5dcdc06a0f77
SHA512

13be91ab4d9f5cc577a945f4a24e9c642e13b83e98cd5d9a94fa80f5bae6aa79f13eb184bcf543b746110ec36e0150a06d9c481935c99bc6b59d3eba87b9ffe8
SSDEEP

1536:ATQlRGg1DRFFZujiPuZmmU2kTl/3wGmggiz9I4bg5u60zmreOiIkvFbzjjH:otg1HFZuhU2AgGmggiz9Iig5u60zmreR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dot3cfg.dll

Files

dot3cfg.dll
.dll windows:6 windows x86 arch:x86

440f651c4464a067742864a37a257112

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dot3cfg.pdb

Imports

msvcrt

_unlock
??1type_info@@UAE@XZ
_amsg_exit
_lock
_onexit
memset
_except_handler4_common
__CxxFrameHandler3
__dllonexit
_initterm
_XcptFilter
_callnewh
_CxxThrowException
_wtoi
_wcsicmp
wcscpy_s
_vsnwprintf
wcsstr
toupper
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
malloc
free
memcpy

kernel32

lstrcmpW
DeviceIoControl
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
SetLastError
GetSystemWindowsDirectoryW
FreeLibrary
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
GetFileAttributesW
HeapAlloc
LocalFree
FormatMessageW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessW
CreateDirectoryW
ExpandEnvironmentStringsW
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId

netsh.exe

PrintError
PrintMessage
MatchTagsInCmdLine
MatchEnumTag
PrintMessageFromModule
RegisterHelper
RegisterContext

user32

LoadStringW

rpcrt4

UuidToStringW
RpcStringFreeW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitializeEx

oleaut32

VariantClear
SysStringLen
SysFreeString
VariantChangeType
SysAllocString
VariantInit

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

iphlpapi

GetAdaptersAddresses

dot3api

Dot3OpenHandle
Dot3SetProfileEapXmlUserData
Dot3SetAutoConfigParameter
Dot3QueryAutoConfigParameter
Dot3CloseHandle
Dot3EnumInterfaces
Dot3ReasonCodeToString
Dot3SetProfile
Dot3GetCurrentProfile
Dot3FreeMemory
Dot3DeleteProfile
Dot3SetInterface
Dot3ReConnect
Dot3GetInterfaceState
Dot3GetProfileEapUserDataInfo

onex

OneXFreeMemory
OneXDeInitialize
OneXCreateDefaultProfile
OneXInitialize

eappcfg

EapHostPeerConfigXml2Blob
EapHostPeerConfigBlob2Xml
EapHostPeerFreeErrorMemory
EapHostPeerGetMethods
EapHostPeerFreeMemory

ntdll

NtOpenFile
RtlNtStatusToDosError
EtwTraceMessage

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

440f651c4464a067742864a37a257112

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

netsh.exe

user32

rpcrt4

ole32

oleaut32

advapi32

iphlpapi

dot3api

onex

eappcfg

ntdll

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB