TtlsCfg[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

TtlsCfg.dll
Size

160KB
MD5

a9b7b16f2cd82e9bc4f6a9202e052bef
SHA1

48d007ccfc9a4fda27df5a31c53f544dac327e3c
SHA256

521d8875f07dfaeafb780eb95388d29cb7e874ed1d34bb37253a9c68cc0ad9b2
SHA512

55e693a91cff1a0997cbd3706c59588c5dde5f98b32e6dd152cbc3a2f32978b8bd193a29b3bef66c0de01a0343f731afbf4b66b348d6e730a0895907512dde58
SSDEEP

3072:Rn+7Crr4MFSkp7Jg0oG9XLtPhwvXF7NAvUoNYpoaSWVexaBeP5JW8t/u:B+CH4YSkpzNLwvRNAcWUmWVI15Yau

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TtlsCfg.dll

Files

TtlsCfg.dll
.dll windows:10 windows x86 arch:x86

f343b2687897fd91ab7c41a730ba0373

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TtlsCfg.pdb

Imports

msvcrt

isalnum
_free_locale
_get_current_locale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
realloc
abort
memchr
tolower
isspace
memset
isdigit
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
??1type_info@@UAE@XZ
??0exception@@QAE@ABQBDH@Z
__uncaught_exception
memmove
memcpy
_CxxThrowException
setlocale
_unlock
_lock
_callnewh
___lc_collate_cp_func
__CxxFrameHandler3
_ismbblead
_except_handler4_common
strchr
_snwprintf_s
_onexit
__dllonexit
_initterm
malloc
_errno
wcscspn
_amsg_exit
wcscpy_s
memcpy_s
ldexp
sprintf_s
free
localeconv
??0exception@@QAE@ABV0@@Z
__pctype_func
_XcptFilter
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
strcspn
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??_V@YAXPAX@Z
??3@YAXPAX@Z

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

eappcfg

EapHostPeerGetMethodProperties
EapHostPeerFreeErrorMemory
EapHostPeerFreeMemory
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields
EapHostPeerQueryCredentialInputFields
EapHostPeerConfigBlob2Xml
EapHostPeerInvokeInteractiveUI
EapHostPeerInvokeIdentityUI
EapHostPeerCredentialsXml2Blob
EapHostPeerConfigXml2Blob

eappprxy

EapHostPeerGetEncryptedPassword
EapHostPeerInitialize

api-ms-win-core-heap-l2-1-0

LocalFree

sspicli

GetUserNameExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapPeerConfigBlob2Xml
EapPeerConfigXml2Blob
EapPeerCreateMethodConfiguration
EapPeerCredentialsXml2Blob
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetConfigBlobAndUserBlob
EapPeerGetIdentityPageGuid
EapPeerGetMethodProperties
EapPeerGetNextPageGuid
EapPeerInvokeConfigUI
EapPeerInvokeIdentityUI
EapPeerInvokeInteractiveUI
EapPeerQueryCredentialInputFields
EapPeerQueryInteractiveUIInputFields
EapPeerQueryUIBlobFromInteractiveUIInputFields
EapPeerQueryUserBlobFromCredentialInputFields

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f343b2687897fd91ab7c41a730ba0373

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

eappcfg

eappprxy

api-ms-win-core-heap-l2-1-0

sspicli

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 141KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 141KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB