CryptoWinRT[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CryptoWinRT.dll
Size

272KB
MD5

31d3f3de5b2005a5578b0de56c6a5b74
SHA1

5ab0435cb962934453b353f4f58a69c136692d04
SHA256

6d4ae4553f14850805ca42a4fecfd4843573dfc24d56e9b31d12d733419dff9f
SHA512

0217e71326ec7f61ec1b481e6244d1e3c224acf203ad0cb8a2a10c5b55f5a33caffc0e0f059b451188ed93ce05c192e2af444c3c9ce891e56ece1d07a57b6c57
SSDEEP

3072:wSznyuUncGojkdSoVzIlg3/DkBPsRFyQHowZ6kh+4t8zHYuVoie8adPeBY:LHUncGFIe/DkBP4cwg6LYNmyY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CryptoWinRT.dll

Files

CryptoWinRT.dll
.dll windows:10 windows x86 arch:x86

2412206a6b0871cc4cad583729ce7adb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CryptoWinRT.pdb

Imports

msvcrt

_amsg_exit
memcmp
memcpy
_initterm
??1type_info@@UAE@XZ
_except_handler4_common
_XcptFilter
free
_callnewh
_lock
malloc
_purecall
realloc
toupper
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
memmove
memset

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventProviderEnabled

rpcrt4

CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubCall2
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrOleAllocate
NdrDllGetClassObject
CStdStubBuffer_Connect
UuidCreate
NdrCStdStubBuffer2_Release
CStdStubBuffer_CountRefs

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
WindowsCreateStringReference
WindowsDuplicateString
HSTRING_UserFree
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsDeleteStringBuffer
HSTRING_UserUnmarshal
WindowsPromoteStringBuffer
HSTRING_UserMarshal
WindowsPreallocateStringBuffer

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Connect
ObjectStublessClient16
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient12
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient24
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient21
NdrProxyForwardingFunction3
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient18
ObjectStublessClient17
ObjectStublessClient20

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
SetThreadStackGuarantee
OpenProcessToken
OpenThreadToken
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemInfo

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance
CoWaitForMultipleHandles
CoTaskMemFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateEventExW
WaitForSingleObject

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-handle-l1-1-0

CloseHandle

bcrypt

BCryptDecrypt
BCryptGetProperty
BCryptSignHash
BCryptEncrypt
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptCreateHash
BCryptGenerateKeyPair
BCryptHash
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptKeyDerivation
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey
BCryptFinishHash
BCryptExportKey
BCryptGenRandom
BCryptVerifySignature

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-rtcore-ntuser-window-l1-1-0

GetDesktopWindow

ntdll

RtlImageNtHeader
RtlAllocateHeap
memmove_s
_vsnwprintf
RtlNtStatusToDosError
sprintf_s
memcpy_s
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
RtlFreeHeap
EtwGetTraceLoggerHandle
wcsncmp
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwTraceMessage

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2412206a6b0871cc4cad583729ce7adb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-handle-l1-1-0

bcrypt

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

ntdll

api-ms-win-core-memory-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 237KB - Virtual size: 237KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 152B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 237KB - Virtual size: 237KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 152B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 23KB