cryptbase[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cryptbase.dll
Size

35KB
MD5

a979a92828b8d7b9f99ce17f8cb03e18
SHA1

edd03ca986ccfc58315df8d4e8a2182a9f79e5dc
SHA256

72ac046fff8b969e29067370f3b21afa0d0b8e4e987aef605f2665329255a157
SHA512

5ed9a32036ccff0e1436f45a16898d702c8f11004765d3d36974667a86d3de0a2005f58680dfa11d2b5d07ac0dd0f61ae8f743e0017b9e3a247b6050b152a3ce
SSDEEP

768:rMqWNU+KERpWbSDHCHFAHHbOk3mczPoatgVcIOxWAw:rMqqU+ZS2bZsauVcIOE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cryptbase.dll

Files

cryptbase.dll
.dll windows:6 windows x86 arch:x86

d2e9fbe1281894943d404810f65e96db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cryptbase.pdb

Imports

ntdll

RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlAllocateHeap
RtlCopyUnicodeString
NtQueryInformationToken
NtOpenThreadToken
memset
NtDeviceIoControlFile
RtlCompareMemory
NtWaitForSingleObject
NtFsControlFile
RtlFreeHeap
NtOpenFile
RtlInitUnicodeString
RtlAppendUnicodeStringToString
NtClose
RtlInitAnsiString
RtlInitializeCriticalSection
memcpy

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedIncrement

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
FreeLibrary
GetProcAddress

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SystemFunction001
SystemFunction002
SystemFunction003
SystemFunction004
SystemFunction005
SystemFunction028
SystemFunction029
SystemFunction034
SystemFunction036
SystemFunction040
SystemFunction041

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2e9fbe1281894943d404810f65e96db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 944B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 944B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB