CertPolEng[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CertPolEng.dll
Size

103KB
MD5

a169dcc06e28c27e79f29e69b8cbd086
SHA1

0f82b89ea39f910fb925ed54edcd78f99deb13aa
SHA256

bd7f2c4b668cf42b0afbdc503b25dd223eec7ffe6942eae6746eba338e1cfdb4
SHA512

717f8ccd24172351c55cfe0e17aaf7649165f4f59de4984f8bc789029b5d59eb7119d1efa366ecefbe7142274c2e13cd956008200c8a9eea2eec60cd4d61539f
SSDEEP

3072:xTM4X+hWQ2SwPHhhsdf/gva6/vj8D4VD:1JQ2SaDOf/gva6/vj8D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CertPolEng.dll

Files

CertPolEng.dll
.dll windows:10 windows x86 arch:x86

5a09ee077f5f24637abb12963efdb14c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CertPolEng.pdb

Imports

msvcrt

??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
memcpy
??0exception@@QAE@ABQBD@Z
_except_handler4_common
_purecall
_callnewh
malloc
_wcsicmp
iswdigit
wcschr
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
memcmp
_wcsnicmp
??3@YAXPAX@Z
_initterm
free
_amsg_exit
memmove
_stricmp
_XcptFilter
__CxxFrameHandler3
_vsnwprintf
?what@exception@@UBEPBDXZ
memset

rpcrt4

RpcAsyncInitializeHandle
NdrAsyncClientCall
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidEqual
I_RpcMapWin32Status
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringFreeW
RpcBindingFree
NdrClientCall4
RpcBindingCreateW
RpcBindingBind

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetComputerNameExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
CreateWellKnownSid
AllocateAndInitializeSid

crypt32

CryptDecodeObjectEx
CryptBinaryToStringW
CertDuplicateCertificateContext
CertCloseStore
CertControlStore
CertFreeCertificateChainEngine
CertOpenStore
CryptAcquireCertificatePrivateKey
CertRegisterSystemStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertFindExtension
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertCompareCertificateName
CertFreeCertificateChain
CertAddStoreToCollection
CertSelectCertificateChains
CryptHashCertificate2
CryptFindOIDInfo
CertRDNValueToStrW
CryptDecodeObject
CertCreateCertificateContext
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertFreeCertificateChainList
CertGetCertificateChain
CertDuplicateCertificateChain

ncrypt

NCryptFreeObject

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegLoadKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegGetValueW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharUpperBuffW

bcrypt

BCryptHashData
BCryptCreateHash
BCryptFinishHash
BCryptDestroyHash

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

cryptsp

CryptReleaseContext

ntdll

RtlLengthRequiredSid
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlDowncaseUnicodeString
WinSqmAddToStream
WinSqmIsOptedIn
RtlInitUnicodeString
RtlAllocateHeap
RtlCreateUnicodeString
RtlGetPersistedStateLocation
NtQueryInformationToken
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlGUIDFromString
RtlNtStatusToDosError
RtlFreeHeap
EtwEventWriteTransfer
RtlSubAuthoritySid
RtlInitializeSid
RtlEqualSid

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

IntPstGetCertificate
IntPstGetNameIdentifierForCertificate
IntPstGetTrustAnchors
IntPstMapCertificateToProvider
IntPstMapUserCredsToProvider
IntPstValidate
PstAcquirePrivateKey
PstGetCertificateChain
PstGetCertificates
PstGetTrustAnchors
PstGetTrustAnchorsEx
PstGetUserNameForCertificate
PstMapCertificate
PstValidate

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a09ee077f5f24637abb12963efdb14c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

crypt32

ncrypt

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

bcrypt

api-ms-win-core-localization-obsolete-l1-2-0

cryptsp

ntdll

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 4KB