cngprovider[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cngprovider.dll
Size

54KB
MD5

ded6733f5ec75968f19e2f3d1af7ecdf
SHA1

cab25cc720c29f07ce251f8a1f74e4e1f277572b
SHA256

cc7afe5c5f295efdc65aff2dc15c8d8de109eca47fc3a16e73a9e54f35ecc5b6
SHA512

128ad41c83c1a1f3435f381eee61a4bd3bc0a941211815ff07bfda13b90eefa1c54e4a0d7beba7a354e55e342b305a261a79be27a2539137809228a112eef88c
SSDEEP

1536:5VivEBsIWqjJnMdvYK/br6RaGSi0oseIIJBjPlqPPY4:ivW5ivHGa3eDJpiY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cngprovider.dll

Files

cngprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

4a43b62be4d9d28cc1c7dba8af18688e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cngprovider.pdb

Imports

msvcrt

_onexit
_lsearch_s
__dllonexit
memcmp
memset
memcpy
_unlock
_lock
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
bsearch_s
qsort_s
_lfind_s
wcscat_s
wcscpy_s
wcsncpy_s
_wcsicmp
malloc
free
_purecall
memcpy_s

oleaut32

UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString
SysStringLen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadResource
SizeofResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
OpenThreadToken

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

ncrypt

NCryptEnumKeys
NCryptFreeObject
NCryptDeleteKey
NCryptImportKey
NCryptExportKey
NCryptFreeBuffer
NCryptOpenStorageProvider
NCryptOpenKey
NCryptGetProperty

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindFirstFileW
DeleteFileW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
CreateFileW
FindNextFileW
CompareFileTime
CreateDirectoryW
GetFileTime
ReadFile
FindClose
WriteFile

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindExtension
CertAddSerializedElementToStore
CryptHashCertificate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

userenv

GetUserProfileDirectoryW

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

advapi32

CryptCreateHash
CryptDestroyHash
CryptHashData
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam

kernel32

lstrcmpiW

ntdll

EtwTraceMessage

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a43b62be4d9d28cc1c7dba8af18688e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-handle-l1-1-0

ncrypt

api-ms-win-core-file-l1-1-0

crypt32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

userenv

dsrole

advapi32

kernel32

ntdll

user32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 2KB