CryptoWinRT[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

CryptoWinRT.dll
Size

150KB
MD5

72053fc9fa3f37db22cc186cc0750806
SHA1

7359da74890bd49a4f4b5143022eba2be5a1cf1e
SHA256

dc50d72b24cea487d36a24209ec2617d8f09c3acc87f00278004cec019970da8
SHA512

fc55e0cd4b4d9e7a249ddfae2c1ec349af80e22bfd230c61b8c1104e5949fc9e0097c449aac92fa3f0e29be1189a85cf75b2c999fae02dcc9fbfd978d3a84bcd
SSDEEP

1536:WtRezP0Yg9FNCA2nzrDnAL7fOJTwPcGUWB1TX2Pfn0Zv:WtRezP0tB2nzrDAeGrB1TX23nwv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CryptoWinRT.dll

Files

CryptoWinRT.dll
.dll windows:6 windows x86 arch:x86

c05812e2ebd0e801a38de7618618351a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CryptoWinRT.pdb

Imports

msvcrt

memcpy
memcmp
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_purecall
_XcptFilter
memset

bcrypt

BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptDestroyKey
BCryptSignHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCreateHash
BCryptKeyDerivation
BCryptExportKey
BCryptSetProperty
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenerateKeyPair
BCryptEncrypt
BCryptFinalizeKeyPair

ncrypt

NCryptOpenStorageProvider
NCryptSetProperty
NCryptFinalizeKey
NCryptFreeObject
NCryptImportKey
NCryptExportKey
NCryptCreateProtectionDescriptor
NCryptProtectSecret
NCryptStreamClose
NCryptEncrypt
NCryptVerifySignature
NCryptSignHash
NCryptDecrypt
NCryptGetProperty
NCryptStreamOpenToUnprotect
NCryptUnprotectSecret
NCryptStreamOpenToProtect
NCryptStreamUpdate
NCryptCloseProtectionDescriptor

ntdll

LdrDisableThreadCalloutsForDll
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader
wcsncmp
RtlNtStatusToDosError
RtlCompareMemory

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleExW

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrOleFree
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
IUnknown_AddRef_Proxy
NdrStubCall2
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Connect

api-ms-win-core-winrt-string-l1-1-0

WindowsPreallocateStringBuffer
WindowsIsStringEmpty
WindowsDeleteStringBuffer
WindowsStringHasEmbeddedNull
WindowsPromoteStringBuffer
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
HSTRING_UserSize
HSTRING_UserFree
WindowsGetStringRawBuffer
HSTRING_UserMarshal
HSTRING_UserUnmarshal

api-ms-win-core-synch-l1-2-0

InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
Sleep
InitOnceExecuteOnce
SetEvent
WaitForSingleObject
CreateEventExW
AcquireSRWLockShared

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcess
SetThreadStackGuarantee
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoWaitForMultipleHandles
CoTaskMemFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoTransformError
RoReportFailedDelegate
GetRestrictedErrorInfo
RoGetMatchingRestrictedErrorInfo
SetRestrictedErrorInfo
IsErrorPropagationEnabled
RoOriginateError

crypt32

CertFreeCertificateContext
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptImportPublicKeyInfoEx2
CryptAcquireCertificatePrivateKey

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-memory-l1-1-2

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

combase

ord18
ord19
ord13
ord21
ord20
ord23
ord2
ord17
ord22
ord16
ord33
ord15
ord34
ord8
ord9
ord5
ord12
ord10
ord32
ord6
ord14
ord7
ord11

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c05812e2ebd0e801a38de7618618351a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

bcrypt

ncrypt

ntdll

api-ms-win-core-libraryloader-l1-2-0

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

crypt32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-threadpool-legacy-l1-1-0

combase

api-ms-win-core-winrt-robuffer-l1-1-0

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.orpc Size: 1024B - Virtual size: 631B

.data Size: 2KB - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

minATL Size: 512B - Virtual size: 72B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 118KB - Virtual size: 118KB

.orpc
Size: 1024B - Virtual size: 631B

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

minATL
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB