dot3msm[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot3msm.dll
Size

112KB
MD5

0ce0812f2bdfed908fb1066ad4b868c7
SHA1

d9d3cbe2db3637421258f1683de3e20fc3b34308
SHA256

076e1695329c60a1f63f71b114d96d4e0d456ca58aa26a5a3b7812cd0f899982
SHA512

9d1e42e6b4c64ce9e20274bcc6ee30200c67a45c49f471f62e69c2897104cf609087e944b31b58f28d4f22202f2cfaba7db64677d10c6ee66d0da199d5d27809
SSDEEP

1536:SS49RGg1DRFFZujiDUV0ivopS3A8HCVXa1ZTYH+fzTwtZmZs7iyHZ:SUg1HFZuUUMpfVXa1ZTYH+fzTwWi7i6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dot3msm.dll

Files

dot3msm.dll
.dll windows:6 windows x86 arch:x86

c785dc48bffe9c1db2f325f17f0e67fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dot3msm.pdb

Imports

msvcrt

towupper
_snwprintf_s
memmove
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
memcpy
wcscpy_s
memset

ntdll

EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlNtStatusToDosError
RtlInitUnicodeString
EtwEventWrite
EtwTraceMessage
NtOpenFile

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
LoadStringW
GetProcAddress
LoadLibraryExA
FreeLibrary

authz

AuthziLogAuditEvent
AuthziInitializeAuditEvent
AuthziInitializeAuditParams
AuthziFreeAuditEventType
AuthzFreeAuditEvent
AuthziInitializeAuditEventType

kernel32

DeleteTimerQueueTimer
SetLastError
DeleteTimerQueueEx
CreateTimerQueue
ChangeTimerQueueTimer
LeaveCriticalSection
ReadFile
WriteFile
CreateFileA
DeviceIoControl
CreateTimerQueueTimer
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount64
DuplicateHandle
EnterCriticalSection
DelayLoadFailureHook
InterlockedDecrement
InterlockedIncrement
Sleep
CloseHandle
CreateEventW
WaitForSingleObject
SetEvent
GetLastError
QueueUserWorkItem
LocalFree
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
BindIoCompletionCallback

Exports

Exports

DllMain
Dot3MsmConnect
Dot3MsmCreateDefaultProfile
Dot3MsmDeInit
Dot3MsmDeInitAdapter
Dot3MsmDisconnect
Dot3MsmFreeMemory
Dot3MsmFreeProfile
Dot3MsmIndicateSessionChange
Dot3MsmInit
Dot3MsmInitAdapter
Dot3MsmQueryMediaState
Dot3MsmQueryPendingUIRequest
Dot3MsmQueryState
Dot3MsmReAuthenticate
Dot3MsmSetRuntimeState
Dot3MsmUIResponse
Dot3MsmValidateProfile
Dot3ReasonCodeMsmToString
Dot3SetPortAuthenticationState

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c785dc48bffe9c1db2f325f17f0e67fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-1-0

authz

kernel32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 102KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB