crypt32.pdb
Static task: static1
Behavioral task: behavioral1
Sample: crypt32.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: crypt32.dll
Resource: win10v2004-20240426-en
General
Target: crypt32.dll
Size: 1.1MB
MD5: b612aed51f8678a8a089f8b2160918d9
SHA1: 606806b8591e0bd3b66f8ce16bb375fb0763eb7c
SHA256: 08849acbaf6c13f7d08f4b286ecc4ca3b6f589d0c69706806ccf0f8073705435
SHA512: fea574750d2e5e4811a5978d33c025822e0b9e80a3e471aac40dfb78618a13393f733880e88d8362e4681af848db09334df72f57334f89505c01d443b5c5b093
SSDEEP: 24576:sABO6qLD8ae7ZgHoHXCdMm5MdZf/xYa6JALytv:byLgVrHyKm5MdhOJAU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource crypt32.dll
Files
crypt32.dll.dll windows:6 windows x86 arch:x86
6059384b975a630acfad9e5de35629f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
iswalpha
_vsnwprintf
memset
_vsnprintf
wcscpy_s
memcpy
strncmp
isupper
isdigit
isxdigit
bsearch
qsort
_ltoa
strtoul
_ltow
memmove
atol
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
qsort_s
iswalnum
iswspace
toupper
_ultow
_ultoa
_wcsicmp
wcsrchr
_itow
wcschr
wcsstr
wcstoul
api-ms-win-core-localregistry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegEnumKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
ExitThread
CreateThread
GetCurrentThreadId
TlsFree
TlsAlloc
TerminateProcess
GetCurrentProcessId
TlsGetValue
TlsSetValue
SetThreadToken
api-ms-win-security-base-l1-1-0
GetLengthSid
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorSacl
EqualSid
GetAce
GetSecurityDescriptorDacl
MakeSelfRelativeSD
SetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessAllowedAce
InitializeAcl
AdjustTokenPrivileges
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetFileSecurityW
SetFileSecurityW
CopySid
ntdll
ShipAssert
NtQueryObject
RtlPrefixUnicodeString
RtlInitUnicodeString
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
EtwEventUnregister
EvtIntReportEventAndSourceAsync
EtwEventRegister
EtwEventWriteFull
NtQueryInformationFile
RtlNtStatusToDosError
RtlFreeHeap
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtCreateKey
NtCreateKeyTransacted
RtlOpenCurrentUser
NtOpenKey
NtOpenKeyTransacted
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlFormatCurrentUserKeyPath
RtlAllocateHeap
RtlImageNtHeader
kernelbase
CompareStringA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
msasn1
ASN1BERDecGeneralizedTime
ASN1BEREncBool
ASN1BERDecBool
ASN1BERDecZeroCharString
ASN1ztcharstring_free
ASN1BEREncNull
ASN1BERDecNull
ASN1BERDecU16Val
ASN1BEREncRemoveZeroBits
ASN1BERDecBitString
ASN1bitstring_free
ASN1BEREncObjectIdentifier2
ASN1BERDecObjectIdentifier2
ASN1BERDecOctetString
ASN1octetstring_free
ASN1BERDecOpenType
ASN1open_free
ASN1objectidentifier2_cmp
ASN1_Encode
ASN1_Decode
ASN1_SetEncoderOption
ASN1DEREncEndBlk
ASN1BERDecOpenType2
ASN1BEREncOpenType
ASN1utf8string_free
ASN1charstring_free
ASN1char32string_free
ASN1char16string_free
ASN1BERDecMultibyteString
ASN1BERDecCharString
ASN1BERDecUTF8String
ASN1DecSetError
ASN1BERDecChar16String
ASN1BERDecChar32String
ASN1DEREncUTF8String
ASN1DEREncGeneralizedTime
ASN1DEREncMultibyteString
ASN1DEREncChar32String
ASN1DEREncChar16String
ASN1EncSetError
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecRealloc
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncEndOfContents
ASN1BERDecUTCTime
ASN1DEREncUTCTime
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecOctetString2
ASN1DEREncOctetString
ASN1intx_free
ASN1BERDecSXVal
ASN1BEREncSX
ASN1BERDecS32Val
ASN1BEREncS32
ASN1BERDecBitString2
ASN1DEREncBitString
ASN1BEREoid_free
ASN1BERDecEoid
ASN1BEREncEoid
ASN1_CloseModule
ASN1_CreateModule
ASN1BERDotVal2Eoid
ASN1Free
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1DEREncBeginBlk
ASN1DEREncNewBlkElement
ASN1DEREncCharString
ASN1DEREncFlushBlkElement
ASN1BEREoid2DotVal
kernel32
lstrlenA
lstrcmpA
InitializeCriticalSection
GetTempFileNameW
GetTempPathW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineA
IdnToUnicode
IdnToAscii
CreateDirectoryW
GetFileAttributesW
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
LocalSize
GetModuleHandleW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetVersion
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RegKrnGetGlobalState
GetDateFormatA
GetTimeFormatA
GetLocalTime
UnmapViewOfFile
GetTempPathA
GetTempFileNameA
CreateFileA
CreateFileMappingA
MapViewOfFile
FormatMessageW
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
lstrlenW
ExpandEnvironmentStringsW
InterlockedExchange
GetModuleFileNameW
LoadLibraryExW
FindFirstFileW
FindClose
Sleep
IsWow64Process
GetWindowsDirectoryW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
RegisterWaitForSingleObject
FreeLibraryAndExitThread
WaitForMultipleObjectsEx
FindNextFileW
GetVersionExA
GetComputerNameW
SetFileAttributesW
DeleteFileW
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetFileAttributesExW
GetFileSize
SetEndOfFile
WaitForSingleObject
WaitForSingleObjectEx
DuplicateHandle
CompareStringW
CreateEventA
CompareFileTime
InterlockedDecrement
SetEvent
SetFilePointer
ReadFile
WriteFile
InterlockedIncrement
OutputDebugStringA
GetACP
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
LoadLibraryA
GetLastError
GetProcAddress
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetEnvironmentVariableA
LocalFree
UnregisterWaitEx
EnterCriticalSection
LocalAlloc
LocalReAlloc
SetLastError
RegisterWaitForSingleObjectEx
LeaveCriticalSection
Exports
CertAddCRLContextToStore
CertAddCRLLinkToStore
CertAddCTLContextToStore
CertAddCTLLinkToStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertAddEncodedCertificateToSystemStoreA
CertAddEncodedCertificateToSystemStoreW
CertAddEnhancedKeyUsageIdentifier
CertAddRefServerOcspResponse
CertAddRefServerOcspResponseContext
CertAddSerializedElementToStore
CertAddStoreToCollection
CertAlgIdToOID
CertCloseServerOcspResponse
CertCloseStore
CertCompareCertificate
CertCompareCertificateName
CertCompareIntegerBlob
CertComparePublicKeyInfo
CertControlStore
CertCreateCRLContext
CertCreateCTLContext
CertCreateCTLEntryFromCertificateContextProperties
CertCreateCertificateChainEngine
CertCreateCertificateContext
CertCreateContext
CertCreateSelfSignCertificate
CertDeleteCRLFromStore
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertDuplicateCTLContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCRLContextProperties
CertEnumCRLsInStore
CertEnumCTLContextProperties
CertEnumCTLsInStore
CertEnumCertificateContextProperties
CertEnumCertificatesInStore
CertEnumPhysicalStore
CertEnumSubjectInSortedCTL
CertEnumSystemStore
CertEnumSystemStoreLocation
CertFindAttribute
CertFindCRLInStore
CertFindCTLInStore
CertFindCertificateInCRL
CertFindCertificateInStore
CertFindChainInStore
CertFindExtension
CertFindRDNAttr
CertFindSubjectInCTL
CertFindSubjectInSortedCTL
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChainList
CertFreeCertificateContext
CertFreeServerOcspResponseContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertGetCTLContextProperty
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetNameStringA
CertGetNameStringW
CertGetPublicKeyLength
CertGetServerOcspResponseContext
CertGetStoreProperty
CertGetSubjectCertificateFromStore
CertGetValidUsages
CertIsRDNAttrsInCertificateName
CertIsStrongHashToSign
CertIsValidCRLForCertificate
CertNameToStrA
CertNameToStrW
CertOIDToAlgId
CertOpenServerOcspResponse
CertOpenStore
CertOpenSystemStoreA
CertOpenSystemStoreW
CertRDNValueToStrA
CertRDNValueToStrW
CertRegisterPhysicalStore
CertRegisterSystemStore
CertRemoveEnhancedKeyUsageIdentifier
CertRemoveStoreFromCollection
CertResyncCertificateChainEngine
CertRetrieveLogoOrBiometricInfo
CertSaveStore
CertSelectCertificateChains
CertSerializeCRLStoreElement
CertSerializeCTLStoreElement
CertSerializeCertificateStoreElement
CertSetCRLContextProperty
CertSetCTLContextProperty
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertSetStoreProperty
CertStrToNameA
CertStrToNameW
CertUnregisterPhysicalStore
CertUnregisterSystemStore
CertVerifyCRLRevocation
CertVerifyCRLTimeValidity
CertVerifyCTLUsage
CertVerifyCertificateChainPolicy
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyTimeValidity
CertVerifyValidityNesting
CreateFileU
CryptAcquireCertificatePrivateKey
CryptAcquireContextU
CryptBinaryToStringA
CryptBinaryToStringW
CryptCloseAsyncHandle
CryptCreateAsyncHandle
CryptCreateKeyIdentifierFromCSP
CryptDecodeMessage
CryptDecodeObject
CryptDecodeObjectEx
CryptDecryptAndVerifyMessageSignature
CryptDecryptMessage
CryptEncodeObject
CryptEncodeObjectEx
CryptEncryptMessage
CryptEnumKeyIdentifierProperties
CryptEnumOIDFunction
CryptEnumOIDInfo
CryptEnumProvidersU
CryptExportPKCS8
CryptExportPublicKeyInfo
CryptExportPublicKeyInfoEx
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptFindCertificateKeyProvInfo
CryptFindLocalizedName
CryptFindOIDInfo
CryptFormatObject
CryptFreeOIDFunctionAddress
CryptGetAsyncParam
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptGetKeyIdentifierProperty
CryptGetMessageCertificates
CryptGetMessageSignerCount
CryptGetOIDFunctionAddress
CryptGetOIDFunctionValue
CryptHashCertificate
CryptHashCertificate2
CryptHashMessage
CryptHashPublicKeyInfo
CryptHashToBeSigned
CryptImportPKCS8
CryptImportPublicKeyInfo
CryptImportPublicKeyInfoEx
CryptImportPublicKeyInfoEx2
CryptInitOIDFunctionSet
CryptInstallDefaultContext
CryptInstallOIDFunctionAddress
CryptLoadSip
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgCalculateEncodedLength
CryptMsgClose
CryptMsgControl
CryptMsgCountersign
CryptMsgCountersignEncoded
CryptMsgDuplicate
CryptMsgEncodeAndSignCTL
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptMsgSignCTL
CryptMsgUpdate
CryptMsgVerifyCountersignatureEncoded
CryptMsgVerifyCountersignatureEncodedEx
CryptProtectData
CryptProtectMemory
CryptQueryObject
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CryptRegisterOIDInfo
CryptRetrieveTimeStamp
CryptSIPAddProvider
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetSignedDataMsg
CryptSIPLoad
CryptSIPPutSignedDataMsg
CryptSIPRemoveProvider
CryptSIPRemoveSignedDataMsg
CryptSIPRetrieveSubjectGuid
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPVerifyIndirectData
CryptSetAsyncParam
CryptSetKeyIdentifierProperty
CryptSetOIDFunctionValue
CryptSetProviderU
CryptSignAndEncodeCertificate
CryptSignAndEncryptMessage
CryptSignCertificate
CryptSignHashU
CryptSignMessage
CryptSignMessageWithKey
CryptStringToBinaryA
CryptStringToBinaryW
CryptUninstallDefaultContext
CryptUnprotectData
CryptUnprotectMemory
CryptUnregisterDefaultOIDFunction
CryptUnregisterOIDFunction
CryptUnregisterOIDInfo
CryptUpdateProtectedState
CryptVerifyCertificateSignature
CryptVerifyCertificateSignatureEx
CryptVerifyDetachedMessageHash
CryptVerifyDetachedMessageSignature
CryptVerifyMessageHash
CryptVerifyMessageSignature
CryptVerifyMessageSignatureWithKey
CryptVerifySignatureU
CryptVerifyTimeStampSignature
I_CertDiagControl
I_CertProtectFunction
I_CertSrvProtectFunction
I_CertSyncStore
I_CertUpdateStore
I_CryptAddRefLruEntry
I_CryptAddSmartCardCertToStore
I_CryptAllocTls
I_CryptCreateLruCache
I_CryptCreateLruEntry
I_CryptDetachTls
I_CryptDisableLruOfEntries
I_CryptEnableLruOfEntries
I_CryptEnumMatchingLruEntries
I_CryptFindLruEntry
I_CryptFindLruEntryData
I_CryptFindSmartCardCertInStore
I_CryptFlushLruCache
I_CryptFreeLruCache
I_CryptFreeTls
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
I_CryptGetDefaultCryptProv
I_CryptGetDefaultCryptProvForEncrypt
I_CryptGetFileVersion
I_CryptGetLruEntryData
I_CryptGetLruEntryIdentifier
I_CryptGetOssGlobal
I_CryptGetTls
I_CryptInsertLruEntry
I_CryptInstallAsn1Module
I_CryptInstallOssGlobal
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptRegisterSmartCardStore
I_CryptReleaseLruEntry
I_CryptRemoveLruEntry
I_CryptSetTls
I_CryptTouchLruEntry
I_CryptUninstallAsn1Module
I_CryptUninstallOssGlobal
I_CryptUnregisterSmartCardStore
I_CryptWalkAllLruCacheEntries
PFXExportCertStore
PFXExportCertStore2
PFXExportCertStoreEx
PFXImportCertStore
PFXIsPFXBlob
PFXVerifyPassword
RegCreateHKCUKeyExU
RegCreateKeyExU
RegDeleteValueU
RegEnumValueU
RegOpenHKCUKeyExU
RegOpenKeyExU
RegQueryInfoKeyU
RegQueryValueExU
RegSetValueExU
Sections
.text Size: 737KB - Virtual size: 736KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 380KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ