TtlsExt[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TtlsExt.dll
Size

13KB
MD5

39bd41bba27cf8b7e949724232233fe0
SHA1

5e14062bff42144b32dea710b972141952fa4af9
SHA256

00e0a9c5457a062abbf3d67456521cf61953927e6903cb12f9b8e3b8cbd66556
SHA512

f99b832b7aebd169cccefcf6ed198665d242a6f13ba334dff26e28ba2e9eb3f5117d22fc87338e220b8ff9f8b227fe54f2f916ded373190d815aa17c4e230081
SSDEEP

384:lHyAxnL0fqVGYLqWll57tr0FxnAJ2WrXWOJ:4A4EPvtaxnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TtlsExt.dll

Files

TtlsExt.dll
.dll windows:6 windows x86 arch:x86

dffbe5eb039de3a252e2197fc370b74a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ttlsext.pdb

Imports

msvcrt

_callnewh
memmove
_XcptFilter
_amsg_exit
free
_initterm
??0exception@@QAE@XZ
malloc
??1type_info@@UAE@XZ
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
memcpy
_except_handler4_common
_onexit
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??3@YAXPAX@Z
__dllonexit
_unlock
_lock
memset

ntdll

RtlInitString
RtlNtStatusToDosError

sspicli

LsaConnectUntrusted
LsaLookupAuthenticationPackage

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

credui

CredUnPackAuthenticationBufferW
CredUIPromptForWindowsCredentialsW
CredPackAuthenticationBufferW

Exports

Exports

TtlsExt_FreeMemoryExt
TtlsExt_GetConfigCacheOnlyCertValidation
TtlsExt_GetConfigForceNotDomainJoined
TtlsExt_GetContextData
TtlsExt_GetUserCredentials
TtlsExt_InvokeServerAuthentication
TtlsExt_ShowHelp

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dffbe5eb039de3a252e2197fc370b74a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

sspicli

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

credui

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1004B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 584B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1004B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 584B