certenc[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

certenc.dll
Size

42KB
MD5

9480d91c81b514ab05cdb9e60a407f7e
SHA1

3cec9597daa9f11debabeb6ab007eb02edaebde8
SHA256

a47573d9166009693b31f9ce60896a9bd02e9d7ffa981eb1d89fa43dfccbcf80
SHA512

52b32bcb5bdf2e0c697f1817315626820b5345f8e9f164e6be728fb7bb667d69587e1ebe24ab8bfe837cdd5d2f27bada907e99e16c131d6738ccfbff5b732e73
SSDEEP

768:IQfqWbIvsWtL3MEAw8OkhRhb8GyIWIDYtkl+taWVN:BfhbIz4IeEVV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
certenc.dll

Files

certenc.dll
.dll regsvr32 windows:6 windows x86 arch:x86

2e5ff610f89c181d28932e375451a8a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

certenc.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
memset
_purecall
_vsnwprintf
memcpy
isdigit
strchr
atoi

atl

ord15
ord18
ord21
ord16
ord32
ord22

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
LoadStringW

advapi32

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

oleaut32

LoadRegTypeLi
SysStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
SysFreeString

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
lstrcmpiW
DelayLoadFailureHook
InterlockedCompareExchange
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
DeleteCriticalSection
FormatMessageW
GetSystemDirectoryW
LoadLibraryW
GetSystemTime
SetLastError
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
GetACP
LocalAlloc
LocalFree
GetLastError
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e5ff610f89c181d28932e375451a8a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

api-ms-win-core-libraryloader-l1-1-0

advapi32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 2KB