TtlsAuth.pdb
Static task
static1
Behavioral task
behavioral1
Sample
TtlsAuth.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
TtlsAuth.dll
Resource
win10v2004-20240426-en
General
-
Target
TtlsAuth.dll
-
Size
159KB
-
MD5
f93d30909387d60cae4207835a9810fc
-
SHA1
d0e9bcfbd2a82fa4d9f7ceb452a84ed4da3978af
-
SHA256
767a81c4fd6d7f84a81a1029c3fbc182642a5e2b0c6e396601e5ef0f110c4b86
-
SHA512
57b733e2b10279ea30805bcb93c4f0f16f765a3c771d609627b90919b633bba9dc7fb954dca2fb7d88927cdaf8780e85e055fb0960a41d61f5d3febb468d0e71
-
SSDEEP
3072:756drad5jk6wGAEfdsUiRCW4JjvT77zKFDk8gW3Ik2xl/Vo/:7561abj+uFl6CWETdk2x
Malware Config
Signatures
-
Unsigned PE 1 IoCs
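Sandbox check: the PE has no embedded Authenticode signature. This is a weak indicator on its own, since Windows system DLLs are commonly catalog-signed rather than embedded-signed; confirm against the catalog signature or a known-good hash before treating the file as tampered.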
resource TtlsAuth.dll
Files
-
TtlsAuth.dll.dll regsvr32 windows:6 windows x86 arch:x86
5fad7655719c8c02bd54d1fd00d2777f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
abort
__crtCompareStringW
memcmp
___lc_collate_cp_func
__pctype_func
__crtLCMapStringW
memcpy
setlocale
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
strcat_s
strcpy_s
strnlen
strncat_s
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
strchr
_wcsicmp
swprintf_s
_purecall
memmove
??_V@YAXPAX@Z
?what@exception@@UBEPBDXZ
_except_handler4_common
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_CxxThrowException
wcschr
sscanf_s
strstr
atol
calloc
memset
wcscat_s
malloc
free
wcsncpy_s
wcscpy_s
memcpy_s
??3@YAXPAX@Z
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
api-ms-win-core-errorhandling-l1-1-1
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-2-0
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
GetTokenInformation
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWrite
EventUnregister
oleaut32
VarUI4FromStr
api-ms-win-core-com-l1-1-1
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CoCreateInstance
api-ms-win-core-libraryloader-l1-2-0
SizeofResource
GetModuleFileNameW
LoadStringW
GetModuleHandleW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-synch-l1-2-0
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
WaitForSingleObject
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-processenvironment-l1-2-0
ExpandEnvironmentStringsW
api-ms-win-core-sysinfo-l1-2-1
GetTickCount
GetComputerNameExW
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-core-processthreads-l1-1-2
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
CreateThread
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-debug-l1-1-1
OutputDebugStringA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
eappprxy
EapHostPeerFreeEapError
EapHostPeerEndSession
EapHostPeerInitialize
EapHostPeerFreeRuntimeMemory
EapHostPeerBeginSession
EapHostPeerSetResponseAttributes
EapHostPeerGetIdentity
EapHostPeerGetUIContext
EapHostPeerGetResult
EapHostPeerGetSendPacket
EapHostPeerUninitialize
EapHostPeerGetResponseAttributes
EapHostPeerProcessReceivedPacket
EapHostPeerSetUIContext
ntdll
RtlCreateUnicodeStringFromAsciiz
RtlNtStatusToDosError
WinSqmSetDWORD
RtlInitString
RtlFreeUnicodeString
sspicli
SetContextAttributesW
QueryContextAttributesW
LsaLookupAuthenticationPackage
AcquireCredentialsHandleW
LsaRegisterLogonProcess
InitializeSecurityContextW
GetUserNameExW
FreeContextBuffer
EncryptMessage
DecryptMessage
LsaCallAuthenticationPackage
DeleteSecurityContext
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
crypt32
CryptUnprotectData
CertGetCertificateChain
CertVerifySubjectCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringW
CertCompareCertificateName
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CertVerifyTimeValidity
CryptProtectData
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-credentials-l1-1-0
CredUnprotectW
CredIsProtectedW
CredWriteA
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
DelayLoadFailureHook
samlib
SamiEncryptPasswords
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EapPeerFreeErrorMemory
EapPeerFreeMemory
EapPeerGetInfo
Sections
.text Size: 139KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ