cryptbase[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cryptbase.dll
Size

640KB
MD5

1181997ebbf37e3e7913d8cc80625159
SHA1

01e0a5232d9d7d94f43856d97b33e98ec2484aa3
SHA256

f02daf8647810f0fb03854b5e4621d9cb1bc2b844e15604b8b3a8d15973a1a41
SHA512

16b310953136c3ec36cffa6f339006f541b5b16d8bdb4f1400ca10723dfd7c22fde8f151e4fd93ea13ecc7cce3dc57955a4be84cef8f45e713809e4a3bfd7dee
SSDEEP

12288:dUCwrrgP2TImoHFZSgQ87v9/SqACmluTfpOSeLvzTJNcOW:2Jrg+TImWFHQ856lCtwbLvzrv

Score

1^/10

Malware Config

Signatures

Files

cryptbase.dll
.dll windows x64

4db0555c33b82c8c1fbf0af834d81337

Code Sign

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/01/2020, 19:26

Not After

22/01/2021, 19:26

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b
Signer

Actual PE Digest

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
GetModuleFileNameW
HeapFree
RtlCompareMemory
GetCurrentThreadId
GetLastError
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleOutputCP
SetFilePointerEx
GetStringTypeW

Exports

Exports

SystemFunction001
SystemFunction002
SystemFunction003
SystemFunction004
SystemFunction005
SystemFunction028
SystemFunction029
SystemFunction034
SystemFunction036
SystemFunction040
SystemFunction041

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4db0555c33b82c8c1fbf0af834d81337

Code Sign

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 445KB - Virtual size: 450KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.rdata2 Size: 1024B - Virtual size: 4KB

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b
Signer

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 445KB - Virtual size: 450KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.rdata2
Size: 1024B - Virtual size: 4KB