cryptext[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cryptext.dll
Size

59KB
MD5

1199b17ef43de8d783ff54e77e843683
SHA1

cef3db00cf1d68d9ecca17cd97d716cdd586496a
SHA256

a65ee4474126531d356c56e6ee30b03abf9c77f4add52384953800c29c58e5ec
SHA512

97dbc74987fff557637abdb38eb0a05626221c125e94f67e41b3853b143b67f183aa1957ffa81b66387566a917209e4ffb0d6d8f387f73259173b0ddb777332b
SSDEEP

768:VRIp2kSHa+YvaY6NO2IFdQ8zKgK8CWXC/R5kP:VRIQHa+yaY6NOtzzxK8CWXC/rkP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cryptext.dll

Files

cryptext.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ad030230589719e166dba9d25ed15ac4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cryptext.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_amsg_exit
_XcptFilter
_callnewh
malloc
free
realloc
_wtol
_wcsicmp
_vsnwprintf
_initterm
memset

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LoadResource
SizeofResource
LoadStringW
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW
LoadLibraryA

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW
GetFileAttributesW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegDeleteValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-string-obsolete-l1-1-0

lstrcpyW
lstrcpynW
lstrcmpiW

cryptui

CryptUIFreeViewSignaturesPagesW
CryptUIWizImport
CryptUIGetViewSignaturesPagesW
CryptUIWizImportInternal
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLA

user32

MessageBoxW
GetActiveWindow
SetMenuItemInfoW
SetMenuDefaultItem
InsertMenuW
GetMenuDefaultItem

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CryptExtAddCER
CryptExtAddCERMachineOnlyAndHwndW
CryptExtAddCERW
CryptExtAddCRL
CryptExtAddCRLW
CryptExtAddCTL
CryptExtAddCTLW
CryptExtAddP7R
CryptExtAddP7RW
CryptExtAddPFX
CryptExtAddPFXMachineOnlyAndHwndW
CryptExtAddPFXW
CryptExtAddSPC
CryptExtAddSPCW
CryptExtOpenCAT
CryptExtOpenCATW
CryptExtOpenCER
CryptExtOpenCERW
CryptExtOpenCRL
CryptExtOpenCRLW
CryptExtOpenCTL
CryptExtOpenCTLW
CryptExtOpenP7R
CryptExtOpenP7RW
CryptExtOpenPFX
CryptExtOpenPFXW
CryptExtOpenPKCS7
CryptExtOpenPKCS7W
CryptExtOpenSTR
CryptExtOpenSTRW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
I_InvokeCommand

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad030230589719e166dba9d25ed15ac4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

cryptui

user32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 124B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 124B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 2KB