CryptoWinRT[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CryptoWinRT.dll
Size

281KB
MD5

7a5508100b6c66e90aeba459015be29d
SHA1

09c73056ab785cb0bfa0d8560841d49a13918e43
SHA256

3402e5cba65a17cbcf70ce5863123da48eb981277cb784e890ae0a6201f38348
SHA512

8ae92e2128e98d84b1604a2ca8b9c12d4975c24d15a1f7d388d437a598ec3e7d136d286983a37a1e22bee31b6b65b656410cc564b05afb8cd0c8935b4c051b4a
SSDEEP

3072:E+JnDGijkdSowTq77QWjOtQpGIF9SEmb+8YIGx6GeXD/OCd6XHZl:7nDGiC8WjOkGQm46GCC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CryptoWinRT.dll

Files

CryptoWinRT.dll
.dll windows:10 windows x86 arch:x86

344a2958dfe66e5a0f4d7164305c21b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CryptoWinRT.pdb

Imports

msvcrt

_onexit
memcpy
memcmp
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
free
malloc
_callnewh
__dllonexit
__CxxFrameHandler3
realloc
_purecall
memset

api-ms-win-core-errorhandling-l1-1-1

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-com-l1-1-1

CoWaitForMultipleHandles
CoCreateGuid
CoCreateInstance
CoGetApartmentType
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
NdrStubCall2
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal
WindowsIsStringEmpty
WindowsCreateString
HSTRING_UserUnmarshal
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserSize
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsStringHasEmbeddedNull
WindowsPromoteStringBuffer
HSTRING_UserFree
WindowsDeleteStringBuffer

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
ObjectStublessClient12
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient24
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient21
ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient16
CStdStubBuffer2_Disconnect

api-ms-win-core-synch-l1-2-0

WaitForSingleObject
ReleaseSRWLockShared
InitializeSRWLock
InitOnceExecuteOnce
CreateEventExW
Sleep
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockShared

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
SetThreadStackGuarantee
GetCurrentThread
TerminateProcess
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-1

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoTransformError
RoGetMatchingRestrictedErrorInfo
RoOriginateError
RoReportFailedDelegate
IsErrorPropagationEnabled
RoOriginateErrorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-handle-l1-1-0

CloseHandle

bcrypt

BCryptSetProperty
BCryptDecrypt
BCryptHash
BCryptGenerateSymmetricKey
BCryptExportKey
BCryptKeyDerivation
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptVerifySignature
BCryptDestroyHash
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptSignHash
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenRandom

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-rtcore-ntuser-window-l1-1-0

GetDesktopWindow

ntdll

RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
memmove_s
_vsnwprintf
RtlNtStatusToDosError
sprintf_s
memcpy_s
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwTraceMessage
EtwGetTraceLoggerHandle
wcsncmp
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW

api-ms-win-core-memory-l1-1-2

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

344a2958dfe66e5a0f4d7164305c21b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-handle-l1-1-0

bcrypt

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

ntdll

api-ms-win-core-memory-l1-1-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 152B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 246KB - Virtual size: 245KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 152B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB