mongocrypt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

mongocrypt.dll
Size

325KB
MD5

11cb732be8d78c70842a1f4747d231cc
SHA1

3d2bf9e14eb2c576c3058cfbf180c9add85f4087
SHA256

43c7647b2e0125677e674cb70493e3abc65aea4f25f304cc915f5b630b7bfb4e
SHA512

0b5448a66583f1b147e6ac34bb52469f05d5834acf5fc3bf5e6ed590a47880216942c5cde9d77c94c6a8f4bd415333d34650778f30d4dda9cd1eb45cc1f2379b
SSDEEP

6144:1IGXRdsDAXCAe7S5AMIZcupkefdHlvWnH5m/vBmENlA:BnV1EHloMHBXNG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mongocrypt.dll

Files

mongocrypt.dll
.dll windows:6 windows x64 arch:x64

e29a58695bc9df893a54941fbebf7640

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build\libmongocrypt\cmake-build\RelWithDebInfo\mongocrypt.pdb

Imports

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptEncrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

ws2_32

gethostname

kernel32

GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetTickCount64

vcruntime140

__current_exception_context
memcmp
memcpy
memset
strchr
strstr
memmove
__C_specific_handler
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-stdio-l1-1-0

_close
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
_read
_sopen_s
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_initialize_onexit_table
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_crt_atexit
_crt_at_quick_exit
_register_onexit_function
_cexit
_errno
strerror_s

api-ms-win-crt-string-l1-1-0

strncpy
strncpy_s
isspace
isdigit
isupper
isalpha
tolower
strspn
strcmp
isxdigit
_stricmp
_strnicmp
isalnum
strncmp
_strdup

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc

api-ms-win-crt-time-l1-1-0

_gmtime64_s
strftime
_time64

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
strtod

api-ms-win-crt-utility-l1-1-0

srand
rand

Exports

Exports

mongocrypt_binary_data
mongocrypt_binary_destroy
mongocrypt_binary_len
mongocrypt_binary_new
mongocrypt_binary_new_from_data
mongocrypt_ctx_datakey_init
mongocrypt_ctx_decrypt_init
mongocrypt_ctx_destroy
mongocrypt_ctx_encrypt_init
mongocrypt_ctx_explicit_decrypt_init
mongocrypt_ctx_explicit_encrypt_init
mongocrypt_ctx_finalize
mongocrypt_ctx_kms_done
mongocrypt_ctx_mongo_done
mongocrypt_ctx_mongo_feed
mongocrypt_ctx_mongo_op
mongocrypt_ctx_new
mongocrypt_ctx_next_kms_ctx
mongocrypt_ctx_setopt_algorithm
mongocrypt_ctx_setopt_key_alt_name
mongocrypt_ctx_setopt_key_id
mongocrypt_ctx_setopt_masterkey_aws
mongocrypt_ctx_setopt_masterkey_aws_endpoint
mongocrypt_ctx_setopt_masterkey_local
mongocrypt_ctx_state
mongocrypt_ctx_status
mongocrypt_destroy
mongocrypt_init
mongocrypt_kms_ctx_bytes_needed
mongocrypt_kms_ctx_endpoint
mongocrypt_kms_ctx_feed
mongocrypt_kms_ctx_message
mongocrypt_kms_ctx_status
mongocrypt_new
mongocrypt_setopt_crypto_hooks
mongocrypt_setopt_kms_provider_aws
mongocrypt_setopt_kms_provider_local
mongocrypt_setopt_log_handler
mongocrypt_setopt_schema_map
mongocrypt_status
mongocrypt_status_code
mongocrypt_status_destroy
mongocrypt_status_message
mongocrypt_status_new
mongocrypt_status_ok
mongocrypt_status_set
mongocrypt_status_type
mongocrypt_version

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e29a58695bc9df893a54941fbebf7640

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

ws2_32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 15KB - Virtual size: 48KB

.pdata Size: 12KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 15KB - Virtual size: 48KB

.pdata
Size: 12KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB