dot3msm[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot3msm.dll
Size

101KB
MD5

067a4bb25fd48a9e026ac0f35530ab69
SHA1

b5a1772502305b51ff86ac6c1a9d2f114dcbd9ca
SHA256

b112f985fbe8dae0bc5c8b904b2195119df8b0f9108c7dec793ecdcda7374e54
SHA512

4402735b025b392afbbf6010615981c073179d42bcbb5a4d9af317ce2918dd1f1223838ee6f4f80042b9c2bc31082795bf9aa0eb058a23dfefcf69404b3861a0
SSDEEP

1536:0rbcqkKFoiWYU/aNhPR+mTksZuv6MwLPr5BZShTxNd:0rBHodub2sYdwH5BZA9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dot3msm.dll

Files

dot3msm.dll
.dll windows:6 windows x64 arch:x64

e4e8d725540c794925fb7752c8feb618

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dot3msm.pdb

Imports

msvcrt

towupper
_snwprintf_s
memmove
memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcscpy_s
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
RtlNtStatusToDosError
RtlInitUnicodeString
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventWrite
NtOpenFile
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
GetModuleHandleExW

authz

AuthziFreeAuditEventType
AuthziInitializeAuditEvent
AuthziInitializeAuditParams
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEventType

kernel32

GetTickCount64
HeapFree
HeapAlloc
GetProcessHeap
ChangeTimerQueueTimer
SetLastError
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ReadFile
WriteFile
BindIoCompletionCallback
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DuplicateHandle
CreateFileA
DeleteTimerQueueTimer
GetCurrentProcess
Sleep
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
QueueUserWorkItem
GetLastError
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DeviceIoControl

Exports

Exports

DllMain
Dot3MsmConnect
Dot3MsmCreateDefaultProfile
Dot3MsmDeInit
Dot3MsmDeInitAdapter
Dot3MsmDisconnect
Dot3MsmFreeMemory
Dot3MsmFreeProfile
Dot3MsmIndicateSessionChange
Dot3MsmInit
Dot3MsmInitAdapter
Dot3MsmQueryMediaState
Dot3MsmQueryPendingUIRequest
Dot3MsmQueryState
Dot3MsmReAuthenticate
Dot3MsmSetRuntimeState
Dot3MsmUIResponse
Dot3MsmValidateProfile
Dot3ReasonCodeMsmToString
Dot3SetPortAuthenticationState

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e8d725540c794925fb7752c8feb618

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

authz

kernel32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 91KB - Virtual size: 91KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 192B