CertPKICmdlet.pdb
Static task
static1
Behavioral task
behavioral1
Sample
CertPKICmdlet.dll
Resource
win10v2004-20240508-en
General
-
Target
CertPKICmdlet.dll
-
Size
49KB
-
MD5
4025155fe8d98d215bf507e5ad11394c
-
SHA1
00962d0514ff79bd745904549a7bd99cf4c7893e
-
SHA256
b736fb17e3e13ac8441da7b569de36c23d50a4344dd846c1e35874750a7ce8f5
-
SHA512
7bc305a3d6d82ca795536740b11b701d14f8386469679c5d3300cff2c9abd408b937a1eb76d34f470d800807f144381fa88d3489c9b58ffd432cb8fbff9f3eb9
-
SSDEEP
1536:riXH/Dw0Zo1wPWw8nFVfPXHylSlsphe3BPf:riXbfKYJ8nFVHXHylSlsphYB
Malware Config
Signatures
-
Unsigned PE 1 IoCs
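Checks for missing Authenticode signature. A static check of this kind can only see a signature embedded in the PE file itself; files that Windows signs through a security catalog carry no embedded signature and are flagged the same way, so confirm the hashes above against a catalog or a known-good copy before reading this result as a sign of tampering.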
resource CertPKICmdlet.dll
Files
-
CertPKICmdlet.dll.dll windows:10 windows x86 arch:x86
c6c713abdcc8b36f10b485cb156988cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_swab
strcspn
fwrite
iswxdigit
iswdigit
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
ftell
fseek
??0exception@@QAE@XZ
_callnewh
getenv
_errno
wcscspn
_CxxThrowException
fclose
memmove_s
_XcptFilter
_amsg_exit
_initterm
fflush
fprintf
??1type_info@@UAE@XZ
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__CxxFrameHandler3
_vsnprintf
free
__iob_func
_except_handler4_common
fopen
malloc
memcpy
strchr
_vsnwprintf
_wgetenv
memset
crypt32
CertNameToStrW
CertGetCertificateContextProperty
PFXIsPFXBlob
CertOpenStore
PFXImportCertStore
CertEnumCertificatesInStore
CryptFindCertificateKeyProvInfo
CryptBinaryToStringW
CryptStringToBinaryA
CertFreeCertificateContext
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CryptAcquireCertificatePrivateKey
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertSaveStore
CertSetCertificateContextProperty
CryptQueryObject
CertDeleteCertificateFromStore
PFXExportCertStoreEx
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
GetACP
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetLocalTime
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-file-l1-1-0
GetFileSize
DeleteFileW
GetTempFileNameW
GetFileAttributesW
GetFullPathNameW
WriteFile
SetFileAttributesW
FileTimeToLocalFileTime
ReadFile
CreateFileW
GetFileType
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
api-ms-win-core-com-l1-1-0
CoCreateInstance
oleaut32
SysStringByteLen
SysAllocString
SysAllocStringByteLen
SysFreeString
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
sspicli
GetUserNameExW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-security-base-l1-1-0
IsValidSid
ncrypt
NCryptOpenStorageProvider
NCryptOpenKey
NCryptFreeObject
NCryptCreateProtectionDescriptor
NCryptCloseProtectionDescriptor
NCryptGetProperty
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-security-cryptoapi-l1-1-0
CryptDestroyKey
CryptGetKeyParam
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
api-ms-win-core-misc-l1-1-0
lstrcmpiW
ntdll
NtQuerySystemInformationEx
WinSqmIncrementDWORD
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllMain
ExportCertificate
ExportPFXCertificate
FindCertificate
FreeCertResults
FreeResourceString
GetCertificateFromEnrollmentInternal
ImportCertificate
ImportPFXCertificate
IsSecureKernelRunning
IsSmartCard
LoadResourceString
SuppressFreeCert
SuppressFreeStore
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ