mongocrypt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

mongocrypt.dll
Size

368KB
MD5

d78e218406cfb2d2a6d1e0837e511a85
SHA1

2c76cc49b341680ce91056a5182e5912d5e638eb
SHA256

862fbeb351b39478ac91338834880e90031f5ca440c7ef13704733794d77be1f
SHA512

3b8660db647ccfebd2a9eb021d7c040c113d44e4504db53e88f99fb67865a6d793cbbe356c6016e675d261176b5465bf55fcb47dfb292edc928d5981a1aed9cf
SSDEEP

6144:j0z06vZ3msxQqx9Ys8yfMhvpeHP9VC48ueMnSxIhxbZBfIkJ93:56BRE7u9flBtJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mongocrypt.dll

Files

mongocrypt.dll
.dll windows:6 windows x64 arch:x64

e01fe10f050d8b79fbe457b2183c7d7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\data\mci\f68b5ec0b35256d4bc19ab464a7208cf\libmongocrypt\cmake-build\RelWithDebInfo\mongocrypt.pdb

Imports

bcrypt

BCryptGetProperty
BCryptSignHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptEncrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

ws2_32

gethostname

crypt32

CryptDecodeObjectEx

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcess
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memcpy
memcmp
memset
strstr
strchr

api-ms-win-crt-stdio-l1-1-0

_sopen_s
__stdio_common_vfprintf
_read
_close
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_cexit
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_crt_at_quick_exit
terminate
_errno
strerror_s
abort

api-ms-win-crt-string-l1-1-0

strncpy_s
isspace
tolower
isalnum
isdigit
isupper
isalpha
isxdigit
strspn
strncmp
_stricmp
_strdup
_strnicmp
strncpy
strcmp

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64_s
_time64

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtod

api-ms-win-crt-utility-l1-1-0

rand
srand

Exports

Exports

mongocrypt_binary_data
mongocrypt_binary_destroy
mongocrypt_binary_len
mongocrypt_binary_new
mongocrypt_binary_new_from_data
mongocrypt_ctx_datakey_init
mongocrypt_ctx_decrypt_init
mongocrypt_ctx_destroy
mongocrypt_ctx_encrypt_init
mongocrypt_ctx_explicit_decrypt_init
mongocrypt_ctx_explicit_encrypt_init
mongocrypt_ctx_finalize
mongocrypt_ctx_kms_done
mongocrypt_ctx_mongo_done
mongocrypt_ctx_mongo_feed
mongocrypt_ctx_mongo_op
mongocrypt_ctx_new
mongocrypt_ctx_next_kms_ctx
mongocrypt_ctx_setopt_algorithm
mongocrypt_ctx_setopt_key_alt_name
mongocrypt_ctx_setopt_key_encryption_key
mongocrypt_ctx_setopt_key_id
mongocrypt_ctx_setopt_masterkey_aws
mongocrypt_ctx_setopt_masterkey_aws_endpoint
mongocrypt_ctx_setopt_masterkey_local
mongocrypt_ctx_state
mongocrypt_ctx_status
mongocrypt_destroy
mongocrypt_init
mongocrypt_kms_ctx_bytes_needed
mongocrypt_kms_ctx_endpoint
mongocrypt_kms_ctx_feed
mongocrypt_kms_ctx_message
mongocrypt_kms_ctx_status
mongocrypt_new
mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5
mongocrypt_setopt_crypto_hooks
mongocrypt_setopt_kms_provider_aws
mongocrypt_setopt_kms_provider_local
mongocrypt_setopt_kms_providers
mongocrypt_setopt_log_handler
mongocrypt_setopt_schema_map
mongocrypt_status
mongocrypt_status_code
mongocrypt_status_destroy
mongocrypt_status_message
mongocrypt_status_new
mongocrypt_status_ok
mongocrypt_status_set
mongocrypt_status_type
mongocrypt_version

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e01fe10f050d8b79fbe457b2183c7d7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

ws2_32

crypt32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 15KB - Virtual size: 48KB

.pdata Size: 13KB - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 15KB - Virtual size: 48KB

.pdata
Size: 13KB - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB