Windows[.]Security[.]Credentials[.]UI[.]CredentialPicker[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Security.Credentials.UI.CredentialPicker.dll
Size

68KB
MD5

3b6c4f9eb636eceb641598795da8699e
SHA1

2af4d7afcc7a3c0e46f8cb0c6a81824b037d13f3
SHA256

cda9cf6e56fdbdae3f24383af48207dfd0e1e277836e3b5391e1a596c5efbbd7
SHA512

0e6e1fba196fdad28814841a4b1a3c44cfc40fe4fde9510983aa56e6ea28d51304a483cbb367d327e6a14de15e751dbeec7d59d44976d23dacc70ad422d91da9
SSDEEP

768:lelMqKE4toxZE6yiZll7pSvIzcOlkjTEPPLPaZQTw+79b3rh1PR9xTw/3b:lIeX6nZIu2sPPLPaZQT79bTPRDTu3b

Score

1^/10

Malware Config

Signatures

Files

Windows.Security.Credentials.UI.CredentialPicker.dll
.dll windows:6 windows x86 arch:x86

3e4b284161ae3717efeff0f706241e45

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:84:6e:03:33:8b:0c:cb:f0:35:b2:36:d9:4b:6d:48:f7:ca:2f:88:c1:93:f9:f7:ee:53:b6:18:6d:36:65:9b
Signer

Actual PE Digest

e6:84:6e:03:33:8b:0c:cb:f0:35:b2:36:d9:4b:6d:48:f7:ca:2f:88:c1:93:f9:f7:ee:53:b6:18:6d:36:65:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Security.Credentials.UI.CredentialPicker.pdb

Imports

msvcrt

??3@YAXPAX@Z
memcmp
_except_handler4_common
__CxxFrameHandler3
??2@YAPAXI@Z
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcschr
malloc
free
memset
_purecall
memcpy

kernel32

SetEvent
CloseThreadpoolWork
WaitForSingleObject
GetModuleHandleExW
FreeLibraryWhenCallbackReturns
CompareFileTime
InitOnceExecuteOnce
CreateMutexW
ReleaseMutex
GetCurrentThread
GetConsoleWindow
DisableThreadLibraryCalls
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
RaiseException
InitializeCriticalSection
EncodePointer
ReleaseSRWLockShared
AcquireSRWLockShared
GetLastError
HeapAlloc
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapFree
CloseHandle
GlobalGetAtomNameW
DuplicateHandle
LocalFree
CompareStringOrdinal
GetProcessId
CreateEventExW
CreateThreadpoolWork
SubmitThreadpoolWork
OpenProcess
SetThreadStackGuarantee
LocalAlloc
VirtualQuery
VirtualAlloc
GetSystemInfo
VirtualProtect

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubCall2
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
IUnknown_AddRef_Proxy

api-ms-win-core-winrt-error-l1-1-1

RoTransformError
RoOriginateError
RoOriginateErrorW
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
SetRestrictedErrorInfo
IsErrorPropagationEnabled
GetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
HSTRING_UserMarshal
HSTRING_UserUnmarshal
HSTRING_UserFree
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen
WindowsCreateStringReference

api-ms-win-core-com-l1-1-1

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoImpersonateClient
CoGetCallerTID
CoGetMalloc
CoRevertToSelf
CoGetCallContext

ncrypt

NCryptCreateProtectionDescriptor
NCryptProtectSecret
BCryptGenRandom
NCryptCloseProtectionDescriptor

vaultcli

VaultFree
VaultOpenVault
VaultGetItem
VaultAddItem
VaultCloseVault

ntdll

_snwprintf_s
NtQueryInformationToken
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
RtlFreeHeap
RtlEqualSid
RtlImageNtHeader
RtlLoadString

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree
CredIsProtectedW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

advapi32

ImpersonateLoggedOnUser
OpenThreadToken
GetTokenInformation
CopySid
GetLengthSid
RevertToSelf
OpenProcessToken
DuplicateTokenEx

user32

EnumThreadWindows
GetWindowInfo
GetPropW
GetWindowBand
ord2521
GetWindowThreadProcessId
GetWindow
GetParent

credui

SspiPromptForCredentialsW

ole32

ObjectStublessClient10
ObjectStublessClient13
ObjectStublessClient11
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient23
ObjectStublessClient8
ObjectStublessClient17
ObjectStublessClient12
NdrProxyForwardingFunction4
ObjectStublessClient14
ObjectStublessClient24
ObjectStublessClient21
ObjectStublessClient9
ObjectStublessClient22
ObjectStublessClient25
NdrProxyForwardingFunction5
ObjectStublessClient20
ObjectStublessClient16
ObjectStublessClient19
NdrProxyForwardingFunction3
ObjectStublessClient6

sspicli

SspiValidateAuthIdentity
SspiFreeAuthIdentity
SspiZeroAuthIdentity

twinapi.appcore

ord3
ord2

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 279B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e4b284161ae3717efeff0f706241e45

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e6:84:6e:03:33:8b:0c:cb:f0:35:b2:36:d9:4b:6d:48:f7:ca:2f:88:c1:93:f9:f7:ee:53:b6:18:6d:36:65:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

rpcrt4

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-1

ncrypt

vaultcli

ntdll

api-ms-win-security-credentials-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

advapi32

user32

credui

ole32

sspicli

twinapi.appcore

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.orpc Size: 512B - Virtual size: 279B

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 6KB

minATL Size: 512B - Virtual size: 20B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e6:84:6e:03:33:8b:0c:cb:f0:35:b2:36:d9:4b:6d:48:f7:ca:2f:88:c1:93:f9:f7:ee:53:b6:18:6d:36:65:9b
Signer

.text
Size: 42KB - Virtual size: 42KB

.orpc
Size: 512B - Virtual size: 279B

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 6KB

minATL
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB