cngprovider[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

cngprovider.dll
Size

54KB
MD5

0bdeea152e821dac2254b7f227ba4d72
SHA1

2a4c31ab6007502725d8b02ad895744b528e7627
SHA256

f424ed78241bed69dd62b025ddd98949ecfa0aadcfbcf5105487fc8ff8b07241
SHA512

332533b1ef34b8d3664ab5ede4a47caf51be3c4dfdc7eefb5199c88b25af26fd1c02da6585ab53ea2a856edf4f996787c8ae94b38ce91fc79c534120ebc25961
SSDEEP

1536:TK/PEBsIWqjJHsdv4qpm7r62ajSi0pMUIQKBjMlqPbW4nQ:WPWZCvExaxUnKpzW4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cngprovider.dll

Files

cngprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

4a43b62be4d9d28cc1c7dba8af18688e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cngprovider.pdb

Imports

msvcrt

_onexit
_lsearch_s
__dllonexit
memcmp
memset
memcpy
_unlock
_lock
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
bsearch_s
qsort_s
_lfind_s
wcscat_s
wcscpy_s
wcsncpy_s
_wcsicmp
malloc
free
_purecall
memcpy_s

oleaut32

UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString
SysStringLen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadResource
SizeofResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
OpenThreadToken

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

ncrypt

NCryptEnumKeys
NCryptFreeObject
NCryptDeleteKey
NCryptImportKey
NCryptExportKey
NCryptFreeBuffer
NCryptOpenStorageProvider
NCryptOpenKey
NCryptGetProperty

api-ms-win-core-file-l1-1-0

SetFileAttributesW
FindFirstFileW
DeleteFileW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
CreateFileW
FindNextFileW
CompareFileTime
CreateDirectoryW
GetFileTime
ReadFile
FindClose
WriteFile

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindExtension
CertAddSerializedElementToStore
CryptHashCertificate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

userenv

GetUserProfileDirectoryW

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

advapi32

CryptCreateHash
CryptDestroyHash
CryptHashData
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam

kernel32

lstrcmpiW

ntdll

EtwTraceMessage

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a43b62be4d9d28cc1c7dba8af18688e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-handle-l1-1-0

ncrypt

api-ms-win-core-file-l1-1-0

crypt32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

userenv

dsrole

advapi32

kernel32

ntdll

user32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 2KB