mongocrypt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

mongocrypt.dll
Size

4.3MB
MD5

cabd9114c732ffcd56448fc9324bff1a
SHA1

bcf3482d5630f35fb32d228385b12d018ddff5ea
SHA256

b1bd8dff9688fe96e102593160ee8925fb4cebd50806f44db3983c50ba99c3ec
SHA512

6112e333e00620d70c11af25efdc772afa837429b9d34ffe62f3869f7049d60a61ad62f0074b1f22fc88c807e2390537624d549c115191906e57b3fcf5dddd57
SSDEEP

98304:gzr1krfO+a78ZZ81A6lGGKrb8c2vXa4gcF:gzr1krfOF83EFJpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mongocrypt.dll

Files

mongocrypt.dll
.dll windows:6 windows x64 arch:x64

d372b9fc93c96a13c769b1ac6c49679a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\data\mci\11feac3557aefbc6f53637fc2cbbe1c9\libmongocrypt\cmake-build\mongocrypt.pdb

Imports

bcrypt

BCryptGetProperty
BCryptSignHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptEncrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

ws2_32

gethostname

crypt32

CryptDecodeObjectEx

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcess
GetModuleHandleW
InitOnceExecuteOnce
GetLastError
SetLastError
GetModuleFileNameW
WideCharToMultiByte
GetCurrentDirectoryW
LocalFree
FormatMessageW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strchr
memcpy
memset
memcmp
memmove
strstr

api-ms-win-crt-runtime-l1-1-0

abort
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno
_initialize_onexit_table
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_clearfp
_statusfp
strerror_s
terminate

api-ms-win-crt-math-l1-1-0

asinh
atan
atan2
log1p
cbrt
cos
sin
cosh
asin
erfc
exp
pow
exp2
expm1
hypot
lgamma
log
log10
sinh
tan
tanh
tgamma
acos
sqrt
log2f
acosh
_dclass
erf
ceil
trunc
log2

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_close
_read
_sopen_s

api-ms-win-crt-string-l1-1-0

isalnum
isxdigit
strncpy_s
_strdup
strncpy
strncmp
strcmp
isspace
_stricmp
tolower
iswctype
isdigit
_strnicmp
isupper
isalpha
strspn

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
calloc

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64_s

api-ms-win-crt-convert-l1-1-0

strtol
strtod
strtoul

api-ms-win-crt-utility-l1-1-0

rand
srand

Exports

Exports

mongocrypt_binary_data
mongocrypt_binary_destroy
mongocrypt_binary_len
mongocrypt_binary_new
mongocrypt_binary_new_from_data
mongocrypt_crypt_shared_lib_version
mongocrypt_crypt_shared_lib_version_string
mongocrypt_ctx_datakey_init
mongocrypt_ctx_decrypt_init
mongocrypt_ctx_destroy
mongocrypt_ctx_encrypt_init
mongocrypt_ctx_explicit_decrypt_init
mongocrypt_ctx_explicit_encrypt_expression_init
mongocrypt_ctx_explicit_encrypt_init
mongocrypt_ctx_finalize
mongocrypt_ctx_kms_done
mongocrypt_ctx_mongo_done
mongocrypt_ctx_mongo_feed
mongocrypt_ctx_mongo_op
mongocrypt_ctx_new
mongocrypt_ctx_next_kms_ctx
mongocrypt_ctx_provide_kms_providers
mongocrypt_ctx_rewrap_many_datakey_init
mongocrypt_ctx_setopt_algorithm
mongocrypt_ctx_setopt_algorithm_range
mongocrypt_ctx_setopt_contention_factor
mongocrypt_ctx_setopt_index_key_id
mongocrypt_ctx_setopt_key_alt_name
mongocrypt_ctx_setopt_key_encryption_key
mongocrypt_ctx_setopt_key_id
mongocrypt_ctx_setopt_key_material
mongocrypt_ctx_setopt_masterkey_aws
mongocrypt_ctx_setopt_masterkey_aws_endpoint
mongocrypt_ctx_setopt_masterkey_local
mongocrypt_ctx_setopt_query_type
mongocrypt_ctx_state
mongocrypt_ctx_status
mongocrypt_destroy
mongocrypt_init
mongocrypt_kms_ctx_bytes_needed
mongocrypt_kms_ctx_endpoint
mongocrypt_kms_ctx_feed
mongocrypt_kms_ctx_get_kms_provider
mongocrypt_kms_ctx_message
mongocrypt_kms_ctx_status
mongocrypt_new
mongocrypt_setopt_aes_256_ctr
mongocrypt_setopt_aes_256_ecb
mongocrypt_setopt_append_crypt_shared_lib_search_path
mongocrypt_setopt_bypass_query_analysis
mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5
mongocrypt_setopt_crypto_hooks
mongocrypt_setopt_encrypted_field_config_map
mongocrypt_setopt_kms_provider_aws
mongocrypt_setopt_kms_provider_local
mongocrypt_setopt_kms_providers
mongocrypt_setopt_log_handler
mongocrypt_setopt_schema_map
mongocrypt_setopt_set_crypt_shared_lib_path_override
mongocrypt_setopt_use_need_kms_credentials_state
mongocrypt_status
mongocrypt_status_code
mongocrypt_status_destroy
mongocrypt_status_message
mongocrypt_status_new
mongocrypt_status_ok
mongocrypt_status_set
mongocrypt_status_type
mongocrypt_version

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d372b9fc93c96a13c769b1ac6c49679a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

ws2_32

crypt32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 1.1MB - Virtual size: 1.2MB

.pdata Size: 53KB - Virtual size: 52KB

.idata Size: 8KB - Virtual size: 8KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 1.1MB - Virtual size: 1.2MB

.pdata
Size: 53KB - Virtual size: 52KB

.idata
Size: 8KB - Virtual size: 8KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB