CertEnroll[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CertEnroll.dll
Size

2.5MB
MD5

9d2b100882c4225550374967544779b2
SHA1

054e481d2d8cb119ab218d46eb2f26e1c760152c
SHA256

72f276944e243c8307e49e942ef561171842a1b7b0492d08d4a2ff1a71e322d8
SHA512

fd4d6ce591724d12c35a521817825c2e306986178dc76ac4f19c59af8c42fa9fac4fa72e3f768967ea99b3e8eab8b89cd5d9aef492e50570257ddb828432ac09
SSDEEP

49152:gUjVXIgI0MgI0MgI06qrmvb0JssSQCsoDcUTELihJDZmNAtvQpZ3:gornJssvLyZhJDZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CertEnroll.dll

Files

CertEnroll.dll
.dll regsvr32 windows:10 windows x86 arch:x86

d3e074ce415d99ffb3030d6df3a9923b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CertEnroll.pdb

Imports

msvcrt

_onexit
_errno
realloc
__dllonexit
_except_handler4_common
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
memcmp
_ftol2_sse
_CIpow
__iob_func
memset
calloc
wcsrchr
qsort
wcsstr
srand
wcschr
_stricmp
rand
_wcsnicmp
_itow
_wtoi
iswdigit
?what@exception@@UBEPBDXZ
_wcsicmp
_purecall
wcscat_s
wcscpy_s
malloc
wcsncpy_s
??0exception@@QAE@ABQBD@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_wgetenv
fseek
ftell
fwrite
iswalpha
strchr
getenv
_vsnprintf
iswxdigit
iswspace
wcsncmp
isdigit
atoi
strncmp
fputws
ferror
_wfopen_s
fwprintf
memmove
vfwprintf
towlower
iswupper
iswlower
towupper
_strnicmp
bsearch
_vsnwprintf
free
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memmove_s
__CxxFrameHandler3
memcpy

certca

ord869
ord436
ord449
ord601
ord462
ord809
ord458
ord602
ord707
ord824
ord838
ord420
ord414
ord413
ord843
ord416
ord456
ord844
ord430
ord468
ord438
ord703
ord442
ord434
ord444
ord450
ord487
ord847
ord412
ord453
ord452
ord846
ord455
ord457
ord460
ord467
ord446
ord842
ord802
ord705
ord823
ord704
ord820
ord445
ord404
ord405
ord486
ord801
ord819
ord841
ord813
ord808
ord479
ord840
ord839
ord435
ord440
ord845
ord485
ord454

api-ms-win-core-synch-l1-2-0

InitializeSRWLock
SetEvent
InitOnceExecuteOnce
CreateEventExW
EnterCriticalSection
WaitForSingleObject
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
Sleep

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
LoadLibraryExW
LockResource
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadResource
GetModuleHandleExW
GetModuleFileNameW
SizeofResource
DisableThreadLibraryCalls
FindResourceExW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
FoldStringW
MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-sysinfo-l1-2-1

GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetVersionExW
GetSystemTime

api-ms-win-core-handle-l1-1-0

CloseHandle

crypt32

CertAddCertificateContextToStore
CryptImportPublicKeyInfo
CertFindExtension
CryptFindOIDInfo
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore
CryptDecodeObject
CertGetCRLContextProperty
CryptSignCertificate
CryptExportPublicKeyInfoEx
CryptMsgOpenToDecode
CryptEncodeObjectEx
CertSetCertificateContextProperty
CryptProtectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertEnumCertificatesInStore
CertRegisterPhysicalStore
CertFindCTLInStore
CertDuplicateCertificateContext
CryptHashCertificate
CertDeleteCertificateFromStore
CryptImportPublicKeyInfoEx2
CertSelectCertificateChains
CertFreeCertificateChainList
CertAddSerializedElementToStore
CertControlStore
CryptProtectMemory
CryptUnprotectMemory
CertFreeCRLContext
CertCreateCRLContext
CertSerializeCertificateStoreElement
PFXImportCertStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToEncode
CryptHashPublicKeyInfo
CertEnumCertificateContextProperties
CryptHashCertificate2
CryptSignMessage
CertGetPublicKeyLength
CryptVerifyCertificateSignatureEx
CryptRegisterOIDInfo
CryptEnumOIDInfo
CryptDecryptMessage
CertDuplicateStore
CryptVerifyTimeStampSignature
CryptAcquireCertificatePrivateKey
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertAddCertificateLinkToStore
CertComparePublicKeyInfo
CryptFormatObject
CryptMsgGetAndVerifySigner
CertFindAttribute
CryptQueryObject
CertGetIssuerCertificateFromStore
PFXIsPFXBlob
CryptMsgClose
CertGetNameStringW
CryptEncryptMessage
CertSaveStore
CertStrToNameW
CryptVerifyCertificateSignature
CertCreateCertificateContext
CryptDecodeObjectEx
CryptVerifyMessageSignature
CryptMsgCalculateEncodedLength
CryptMsgDuplicate
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertNameToStrW
CryptBinaryToStringW
CertVerifySubjectCertificateContext
CryptMemFree

api-ms-win-core-file-l1-2-1

SetEndOfFile
GetFullPathNameW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileType
GetFileSize
GetFileTime
CompareFileTime
WriteFile
CreateFileW
SetFilePointer
GetTempFileNameW
GetTempPathW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

api-ms-win-core-localization-l1-2-1

FormatMessageW
IdnToUnicode
GetLocaleInfoW
IdnToAscii
GetACP

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW
GetStdHandle
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-security-base-l1-2-0

RevertToSelf
IsValidSecurityDescriptor
CopySid
GetLengthSid
GetSecurityDescriptorLength
FreeSid
AllocateAndInitializeSid
EqualSid
SetSecurityDescriptorControl
ImpersonateLoggedOnUser
CreateWellKnownSid
DuplicateTokenEx
GetTokenInformation

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
OpenProcess
TerminateProcess
GetCurrentProcess
CreateThread
GetProcessId

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrStubCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
RpcStringFreeW
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrClientCall4
RpcBindingFree
RpcEpResolveBinding
UuidCreate
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_Connect
ObjectStublessClient14
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient11
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient13
ObjectStublessClient12
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-datetime-l1-1-1

GetDateFormatW
GetTimeFormatW
GetDateFormatA
GetTimeFormatA

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-memory-l1-1-2

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-libraryloader-l1-2-2

FindResourceW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
CallbackMayRunLong

api-ms-win-core-url-l1-1-0

UrlGetPartW

api-ms-win-security-activedirectoryclient-l1-1-0

DsUnBindW

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

ntdll

RtlCheckTokenCapability
RtlCapabilityCheck
RtlCheckTokenMembershipEx
RtlCheckTokenMembership
RtlSubAuthoritySid
RtlInitializeSid
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlEqualSid
NtQueryInformationToken
WinSqmIncrementDWORD
WinSqmSetString
RtlInitUnicodeString
EtwTraceMessage
EtwEventWriteFull
EtwEventUnregister
EtwEventRegister

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ImportPFXToProvider
ImportPFXToProviderFreeData
LogCertArchive
LogCertCopy
LogCertDelete
LogCertExpire
LogCertExport
LogCertImport
LogCertInstall
LogCertReplace

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3e074ce415d99ffb3030d6df3a9923b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

certca

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-handle-l1-1-0

crypt32

api-ms-win-core-file-l1-2-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-localization-l1-2-2

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-url-l1-1-0

api-ms-win-security-activedirectoryclient-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-3-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 13KB - Virtual size: 18KB

.idata Size: 14KB - Virtual size: 13KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 214KB - Virtual size: 214KB

.reloc Size: 148KB - Virtual size: 147KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 13KB - Virtual size: 18KB

.idata
Size: 14KB - Virtual size: 13KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 214KB - Virtual size: 214KB

.reloc
Size: 148KB - Virtual size: 147KB