TtlsCfg[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

TtlsCfg.dll
Size

164KB
MD5

51b0a4a44a7bf8c37e0500f81716ae6a
SHA1

302416469fb30a5dd957c8a33837ededd54ecbb7
SHA256

b872fce6be34f4aa4e3c31eef2721a07c89927394c889f668684b8affafa3855
SHA512

367079ac8b9590036237bfbdc19b3258be173aee361d0d345925635385079f5239345668d2fb882900ffb95dec63ec2422f71b7b162563716cba80c4ce4cdf4e
SSDEEP

3072:v+hXRgi6qsqtkYTmOslskqvfI9RTTIDjK9DT90YG3t335rxZjRC:vcXRt6qsqKYrkqvfQR/IDjK93GN35t2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TtlsCfg.dll

Files

TtlsCfg.dll
.dll windows:10 windows x86 arch:x86

d7c670621dbafd1cf01d2799ead28c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TtlsCfg.pdb

Imports

msvcrt

_initterm
_amsg_exit
_callnewh
__crtLCMapStringW
__crtCompareStringW
_wcsdup
memcpy
_XcptFilter
realloc
abort
memchr
tolower
isspace
__dllonexit
___lc_collate_cp_func
_errno
memset
_ismbblead
___mb_cur_max_func
wcscspn
wcscpy_s
memcpy_s
calloc
___lc_codepage_func
___lc_handle_func
__pctype_func
_onexit
??1type_info@@UAE@XZ
_lock
_unlock
setlocale
_CxxThrowException
__CxxFrameHandler3
_get_current_locale
_free_locale
_except_handler4_common
strchr
_snwprintf_s
ldexp
sprintf_s
free
isdigit
localeconv
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
malloc
strcspn
memmove
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
__uncaught_exception
isalnum
??_V@YAXPAX@Z
??3@YAXPAX@Z

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime

eappcfg

EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields
EapHostPeerQueryCredentialInputFields
EapHostPeerGetMethodProperties
EapHostPeerInvokeInteractiveUI
EapHostPeerInvokeIdentityUI
EapHostPeerCredentialsXml2Blob
EapHostPeerConfigXml2Blob
EapHostPeerFreeMemory
EapHostPeerFreeErrorMemory
EapHostPeerConfigBlob2Xml
EapHostPeerQueryUIBlobFromInteractiveUIInputFields

api-ms-win-security-credentials-l1-1-0

CredProtectW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

sspicli

GetUserNameExW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-1

CoCreateInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapPeerConfigBlob2Xml
EapPeerConfigXml2Blob
EapPeerCreateMethodConfiguration
EapPeerCredentialsXml2Blob
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetConfigBlobAndUserBlob
EapPeerGetIdentityPageGuid
EapPeerGetMethodProperties
EapPeerGetNextPageGuid
EapPeerInvokeConfigUI
EapPeerInvokeIdentityUI
EapPeerInvokeInteractiveUI
EapPeerQueryCredentialInputFields
EapPeerQueryInteractiveUIInputFields
EapPeerQueryUIBlobFromInteractiveUIInputFields
EapPeerQueryUserBlobFromCredentialInputFields

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c670621dbafd1cf01d2799ead28c77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

eappcfg

api-ms-win-security-credentials-l1-1-0

api-ms-win-core-heap-l2-1-0

sspicli

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 145KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 146KB - Virtual size: 145KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB