dot3cfg[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot3cfg.dll
Size

69KB
MD5

5e953d2095824baf22e4ec677122413a
SHA1

310e0551350f5bc45f095ec4de6a49b5c309c808
SHA256

b4e429c4347383c3a1328ffbd0ffb97230f40b98c5847a3d7eeb638bd73b1af3
SHA512

c6f89bad3643e9b4016f983ac95343b43ae3edd11a60e791c767a93d6e87718dd38c5989d1dc993e30c95d9799c3e63b38cfaa731e961de1fb4dba5e8bc4340b
SSDEEP

768:Yb9oAwmFOP043FKT1WDFL1gdnzK/dBro/obTeX+czshcPDPECVPUDBmNbxLvKH7w:YZrOM+gcDsnLAvQwhgrsD1Nu7u1wDH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dot3cfg.dll

Files

dot3cfg.dll
.dll windows:6 windows x64 arch:x64

b592fa931e3a0e7815a0d0c8ee8b1132

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dot3cfg.pdb

Imports

msvcrt

_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
__C_specific_handler
memset
_initterm
_amsg_exit
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
toupper
__CxxFrameHandler3
_callnewh
_vsnwprintf
wcsstr
malloc
free
wcscpy_s
_wtoi
_wcsicmp

ntdll

NtOpenFile
EtwTraceMessage
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlCaptureContext
RtlVirtualUnwind

kernel32

GetSystemWindowsDirectoryW
lstrcmpW
SetLastError
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
FreeLibrary
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
GetFileAttributesW
HeapAlloc
CreateProcessW
WaitForSingleObject
FormatMessageW
GetExitCodeProcess
GetLastError
CloseHandle
LocalFree
CreateDirectoryW
ExpandEnvironmentStringsW
Sleep
QueryPerformanceCounter

netsh.exe

RegisterHelper
PrintMessageFromModule
MatchEnumTag
MatchTagsInCmdLine
PrintError
PrintMessage
RegisterContext

user32

LoadStringW

rpcrt4

RpcStringFreeW
UuidToStringW

ole32

CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance

oleaut32

VariantChangeType
SysStringLen
SysFreeString
VariantClear
SysAllocString

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

iphlpapi

GetAdaptersAddresses

dot3api

Dot3QueryAutoConfigParameter
Dot3SetProfileEapXmlUserData
Dot3OpenHandle
Dot3SetAutoConfigParameter
Dot3GetProfileEapUserDataInfo
Dot3ReasonCodeToString
Dot3FreeMemory
Dot3SetProfile
Dot3SetInterface
Dot3EnumInterfaces
Dot3GetCurrentProfile
Dot3GetInterfaceState
Dot3ReConnect
Dot3DeleteProfile
Dot3CloseHandle

onex

OneXDeInitialize
OneXInitialize
OneXFreeMemory
OneXCreateDefaultProfile

eappcfg

EapHostPeerConfigBlob2Xml
EapHostPeerConfigXml2Blob
EapHostPeerFreeErrorMemory
EapHostPeerFreeMemory
EapHostPeerGetMethods

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b592fa931e3a0e7815a0d0c8ee8b1132

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

netsh.exe

user32

rpcrt4

ole32

oleaut32

advapi32

iphlpapi

dot3api

onex

eappcfg

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 180B

.text
Size: 58KB - Virtual size: 58KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 180B