PCPKsp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PCPKsp.dll
Size

643KB
MD5

637514d690b88b564e54d34b48816a20
SHA1

563eb04446cdac896eaef2fb97e8282db7dfadcd
SHA256

df2dfb2cfbb061586e3ef8e4937f295f16b796bcd06c522961ca27e4a949488f
SHA512

d6014fe8233c992a486297871f7bfdb8e0b38d695cceb4fc0c11972e9b7b8c6729d6e209f808ef6a77cf6632eaf0ef4843902062c284645790e04e630c006386
SSDEEP

12288:arA+HuLX12gxbsrdipJpPP8hyNigaERvr0SS46:B+MQebUdipTOyNiroXS46

Score

1^/10

Malware Config

Signatures

Files

PCPKsp.dll
.dll windows:10 windows x86 arch:x86

b9ae4b4a4dd90bd7ff79a9d2948f31b5

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:bb:27:9c:23:aa:25:47:c0:e8:ba:b7:fe:04:b8:2c:2f:1c:e0:02:07:90:30:cc:1c:93:fa:81:6a:f5:2f:d0
Signer

Actual PE Digest

32:bb:27:9c:23:aa:25:47:c0:e8:ba:b7:fe:04:b8:2c:2f:1c:e0:02:07:90:30:cc:1c:93:fa:81:6a:f5:2f:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PCPKsp.pdb

Imports

msvcrt

__dllonexit
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_unlock
??0exception@@QAE@ABQBD@Z
wcsncmp
_purecall
strncmp
_onexit
?terminate@@YAXXZ
rand
??1type_info@@UAE@XZ
time
srand
_except_handler4_common
memcmp
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
__CxxFrameHandler3
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
_lock
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
LoadStringW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateMutexExW
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHash
BCryptHashData
BCryptEncrypt
BCryptVerifySignature
BCryptCreateHash
BCryptDecrypt
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptKeyDerivation
BCryptGenRandom
BCryptDeriveKey
BCryptDestroySecret
BCryptSecretAgreement
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptFinalizeKeyPair
BCryptExportKey
BCryptUnregisterProvider
BCryptGetProperty
BCryptSetProperty
BCryptRegisterProvider

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

rpcrt4

UuidCreate

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateDirectoryW
WriteFile
FlushFileBuffers
DeleteFileW
CreateFileW
GetFileAttributesExW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetFileTime
GetFileSize
ReadFile

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetTokenInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
DuplicateToken
AccessCheck
GetSecurityDescriptorLength
MapGenericMask

crypt32

CertEnumCertificatesInStore
CryptProtectData
CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CertCreateContext
CryptUnprotectData

ncrypt

NCryptGetProperty
NCryptOpenStorageProvider
NCryptImportKey
NCryptSetProperty
NCryptFinalizeKey
NCryptSignHash
NCryptFreeObject
NCryptDeleteKey
NCryptExportKey

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileTransactedW

api-ms-win-core-kernel32-legacy-l1-1-3

DeleteFileTransactedW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

ntdll

RtlGetPersistedStateLocation
NtCreateTransaction
NtRollbackTransaction
NtCommitTransaction
RtlNtStatusToDosError

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllInstall
DllMain
DllUnregisterServer
GetKeyStorageInterface

Sections

.text
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9ae4b4a4dd90bd7ff79a9d2948f31b5

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

32:bb:27:9c:23:aa:25:47:c0:e8:ba:b7:fe:04:b8:2c:2f:1c:e0:02:07:90:30:cc:1c:93:fa:81:6a:f5:2f:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

bcrypt

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-1-0

crypt32

ncrypt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-3

api-ms-win-core-registry-l2-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 591KB - Virtual size: 591KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 26KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

32:bb:27:9c:23:aa:25:47:c0:e8:ba:b7:fe:04:b8:2c:2f:1c:e0:02:07:90:30:cc:1c:93:fa:81:6a:f5:2f:d0
Signer

.text
Size: 591KB - Virtual size: 591KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 26KB