PCPKsp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
PCPKsp.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
PCPKsp.dll
Resource
win10v2004-20240508-en
General
Target: PCPKsp.dll
Size: 52KB
MD5: 463873126358017a07ce8976451759ef
SHA1: c3343ab824824090b30680a3ae4776dd17d74947
SHA256: 48af9f4898c0828622ba993fa4326846d3e7dc527b07510f5447303b42424b90
SHA512: 594835c0adc49b5dd5ec1d759a88e5e279dc761469366b12442b5ff207ee4efe1e56f32764c35d55f50bed7e3ac95f5c7458d231216e4dcbb6781f85cee8ffb3
SSDEEP: 768:kCMWUVj1iW8aCi6a+RqJ64hX5vh1fWvoYNr/R6INio4/gSd0Nu:kCM7NoWBCi6PoJDhUwE/R6I4Tgw0Nu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource PCPKsp.dll
Files
PCPKsp.dll.dll windows:6 windows x86 arch:x86
3e442e9b1d8741e0b8dca4c71d49c589
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
NtRollbackTransaction
NtCommitTransaction
NtCreateTransaction
RtlUnhandledExceptionFilter
_vsnwprintf
NtTerminateProcess
memcpy
memset
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
LoadStringW
api-ms-win-core-heap-l1-2-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-1
GetLastError
api-ms-win-core-com-l1-1-1
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-synch-l1-2-0
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
bcrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptRegisterProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptUnregisterProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptGenerateKeyPair
BCryptFinishHash
BCryptHashData
BCryptCreateHash
api-ms-win-core-processthreads-l1-1-2
OpenProcessToken
OpenThreadToken
GetCurrentProcess
GetCurrentThread
api-ms-win-core-file-l1-2-1
DeleteFileW
WriteFile
FindFirstFileW
FindNextFileW
GetFileSize
FindClose
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
ReadFile
GetFileTime
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-2-0
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
AccessCheck
MapGenericMask
DuplicateToken
GetSecurityDescriptorLength
GetTokenInformation
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
api-ms-win-core-handle-l1-1-0
CloseHandle
crypt32
CryptProtectData
CryptUnprotectData
CertOpenStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
ncrypt
NCryptDeleteKey
NCryptGetProperty
NCryptExportKey
NCryptOpenStorageProvider
NCryptImportKey
NCryptFinalizeKey
NCryptSetProperty
NCryptFreeObject
api-ms-win-core-sysinfo-l1-2-1
GetSystemDirectoryW
userenv
GetAppContainerRegistryLocation
api-ms-win-core-registry-l2-1-0
RegSetKeyValueW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
GetNamedSecurityInfoW
api-ms-win-core-kernel32-legacy-l1-1-1
LoadLibraryW
CreateFileTransactedW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
Exports
DllInstall
DllMain
DllUnregisterServer
GetAsymmetricEncryptionInterface
GetKeyStorageInterface
GetRngInterface
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ