TlsBrand[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

TlsBrand.dll
Size

110KB
MD5

fbc0bccff8c3c1ee9f8ae58a574a13f7
SHA1

99237e126670dad95895d030ef03bd134749106a
SHA256

c58883e2eb67a81872646a0319945c480d5b49af6fa4c358855e216997993609
SHA512

d987cbf07133811e965a205a64d069012a447a1885633561bf955b34e08322fe5d02fa8dcd3612c20590084ab5e543f0b3571e7d5ad07180871994b9fa03a271
SSDEEP

3072:krCDZw9bhNorxfmUtlYK74xVa+G4OcqlONiuR1VDsqDH:krCDZw9bhNo9fztlYKkGYpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TlsBrand.dll

Files

TlsBrand.dll
.dll windows:6 windows x86 arch:x86

b7c3dc5d4a0c6f5a4a215464bfeb46bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TlsBrand.pdb

Imports

msvcrt

_lock
_unlock
?terminate@@YAXXZ
_initterm
_amsg_exit
__dllonexit
memmove_s
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
_onexit
malloc
_except_handler4_common
??1type_info@@UAE@XZ
free
_vsnwprintf
memcpy_s
swscanf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcschr
wcstok
?what@exception@@UBEPBDXZ
_purecall
_wcsicmp
memset

winbrand

BrandingFormatString

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FreeLibrary
LoadStringW
GetProcAddress

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetVersion

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

??0ICALDetails@@QAE@ABV0@@Z
??0ICALDetails@@QAE@XZ
??0ICALStringDetails@@QAE@ABV0@@Z
??0ICALStringDetails@@QAE@XZ
??0IRDSProductDetails@@QAE@ABV0@@Z
??0IRDSProductDetails@@QAE@XZ
??0IW2K3ADPUCALDetails@@QAE@ABV0@@Z
??0IW2K3ADPUCALDetails@@QAE@XZ
??0IWMICALDetails@@QAE@ABV0@@Z
??0IWMICALDetails@@QAE@XZ
??1ICALDetails@@UAE@XZ
??1ICALStringDetails@@UAE@XZ
??1IRDSProductDetails@@UAE@XZ
??1IW2K3ADPUCALDetails@@UAE@XZ
??1IWMICALDetails@@UAE@XZ
??4ICALDetails@@QAEAAV0@ABV0@@Z
??4ICALStringDetails@@QAEAAV0@ABV0@@Z
??4IRDSProductDetails@@QAEAAV0@ABV0@@Z
??4IW2K3ADPUCALDetails@@QAEAAV0@ABV0@@Z
??4IWMICALDetails@@QAEAAV0@ABV0@@Z
??_7ICALDetails@@6B@
??_7ICALStringDetails@@6B@
??_7IRDSProductDetails@@6B@
??_7IW2K3ADPUCALDetails@@6B@
??_7IWMICALDetails@@6B@
?CALDetailsCreator@@YGPAVICALDetails@@XZ
?CALStringDetailsCreator@@YGPAVICALStringDetails@@XZ
?CRetailCALCreator@@YGPAVIRetailCAL@@XZ
?CWMICALDetailsCreator@@YGPAVIWMICALDetails@@XZ
?DoesCALSupportsRDS@ICALDetails@@UAEJPAGPAH@Z
?GetAccessRights@IRDSProductDetails@@UAEJPAGPAK1@Z
?GetAllOSVersionStr@ICALStringDetails@@UAEJPAPAPAGPAK@Z
?GetCALAccessRights@ICALDetails@@UAEJPAGPAK@Z
?GetCALCHID@ICALDetails@@UAEJPAGK0PAPAG@Z
?GetCALDesc@ICALStringDetails@@UAEJPAGPAPAG@Z
?GetCALDetails@ICALDetails@@UAEJPAGPAPAG1PAK21@Z
?GetCALImportDesc@ICALStringDetails@@UAEJPAGPAPAG@Z
?GetCALStr@ICALStringDetails@@UAEJPAGPAPAG1@Z
?GetCALStrLongVer@ICALStringDetails@@UAEJPAGPAPAG@Z
?GetCALStrShortVer@ICALStringDetails@@UAEJPAGPAPAG@Z
?GetCALVersion@ICALDetails@@UAEKK@Z
?GetCALVersionStr@ICALStringDetails@@UAEJKPAPAG@Z
?GetCALsForLSVersion@ICALDetails@@UAEJKPAPAPAGPAK@Z
?GetCALsForSupportFlags@ICALDetails@@UAEJKPAPAPAGPAK@Z
?GetCHIDForCALStr@ICALStringDetails@@UAEJPAG0PAPAG@Z
?GetLSCALVersion@IRDSProductDetails@@UAEJPAK@Z
?GetLSMPC@ICALDetails@@UAEJPAPAG@Z
?GetOSVersion@ICALStringDetails@@UAEJPAGPAK@Z
?GetOSVersionStr@ICALStringDetails@@UAEJKPAPAG@Z
?GetProductFromAccessRights@IRDSProductDetails@@UAEJKKPAPAG@Z
?GetSupportedCAL@ICALDetails@@UAEJKKKPAPAPAGPAK@Z
?GetSupportedCALs@ICALDetails@@UAEJPAPAPAGPAK@Z
?GetSupportedFeatures@ICALDetails@@UAEJPAK@Z
?GetValidCALTypes@ICALDetails@@UAEJKKKKPAGPAPAPAGPAK@Z
?GetW2k3ADPUCALDetails@IW2K3ADPUCALDetails@@UAEJKPAKPAPAG0@Z
?GetW2k3ADPUCALVersion@IW2K3ADPUCALDetails@@UAEJKPAGPAK@Z
?GetWMICALVersion@IWMICALDetails@@UAEJKPAK@Z
?GetWMIProdutType@IWMICALDetails@@UAEJKPAPAG0@Z
?GetWmiCalVersionID@IWMICALDetails@@UAEJKPAK@Z
?GetWmiProductID@IWMICALDetails@@UAEJPAG0PAK@Z
?RDSProductDetailsCreator@@YGPAVIRDSProductDetails@@XZ
?W2K3ADPUCALDetailsCreator@@YGPAVIW2K3ADPUCALDetails@@XZ
LicBrandFormatString
_GetCALVersion@4
_RDSGetCALVersionString@12
_RDSGetOSVersionString@12
_RDSGetProductAccessRights@12

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c3dc5d4a0c6f5a4a215464bfeb46bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

winbrand

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.data Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB