PCPKsp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PCPKsp.dll
Size

749KB
MD5

0cbbcdaf58d19533d5b7d219a8b78d97
SHA1

d710bf8df67061376dadcc87445e9c07bd26b51d
SHA256

6b0039cda4e3da97e40d446519e1efb2b7dae7e12947a3d34608331750f057df
SHA512

1808fa4cab0dfbcaebffa4816ccbf831b3928ee7cfdbb6ac09f9ab849ab92143151d1ff9ad7b61b278ffeb6f7051f7615cea5b6218de58ae01859ee7fdc674d3
SSDEEP

12288:fJBvX0vocTcQ4ZdwTY1+/VUIao1+5+Fuytzu2Ehj/jmUe:zX0vocwQ4ZC8M1hF7tzEhj/qUe

Score

1^/10

Malware Config

Signatures

Files

PCPKsp.dll
.dll windows:10 windows x86 arch:x86

997720f650d3a3ee3cb85fc80f51aed5

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:33:34:17:a1:7c:d4:7b:47:8e:0b:31:3d:ff:8a:aa:0c:be:57:f7:65:75:fb:e8:fc:a7:d8:cf:61:7b:ba:c3
Signer

Actual PE Digest

f0:33:34:17:a1:7c:d4:7b:47:8e:0b:31:3d:ff:8a:aa:0c:be:57:f7:65:75:fb:e8:fc:a7:d8:cf:61:7b:ba:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PCPKsp.pdb

Imports

msvcrt

_vsnprintf_s
memmove_s
srand
??0exception@@QAE@XZ
time
rand
strncmp
??1exception@@UAE@XZ
wcsncmp
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
??0exception@@QAE@ABV0@@Z
_XcptFilter
_purecall
memcpy_s
_amsg_exit
free
malloc
_vsnwprintf
_initterm
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
memcmp
__CxxFrameHandler3
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetProcAddress
LoadStringW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
CreateSemaphoreExW
DeleteCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
IsWow64Process

bcrypt

BCryptUnregisterProvider
BCryptFinishHash
BCryptDestroyHash
BCryptSetProperty
BCryptExportKey
BCryptFinalizeKeyPair
BCryptCreateHash
BCryptGenerateKeyPair
BCryptHash
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptVerifySignature
BCryptRegisterProvider
BCryptDecrypt
BCryptImportKeyPair
BCryptGenerateSymmetricKey
BCryptKeyDerivation
BCryptGenRandom
BCryptDeriveKey
BCryptDestroySecret
BCryptSecretAgreement
BCryptHashData
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGetProperty

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

rpcrt4

UuidCreate

api-ms-win-core-file-l1-1-0

FindClose
CompareFileTime
CreateFileW
GetFileTime
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetFileAttributesExW
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
FindNextFileW
FindFirstFileW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetTokenInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner

crypt32

CertFreeCertificateContext
CryptProtectData
CertOpenStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CertCreateContext
CryptUnprotectData

ncrypt

NCryptGetProperty
NCryptOpenStorageProvider
NCryptSignHash
NCryptFreeObject
NCryptDeleteKey
NCryptExportKey
NCryptFinalizeKey
NCryptSetProperty
NCryptImportKey

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

ntdll

RtlNtStatusToDosError
RtlGetPersistedStateLocation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllInstall
DllMain
DllUnregisterServer
GetKeyStorageInterface

Sections

.text
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

997720f650d3a3ee3cb85fc80f51aed5

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f0:33:34:17:a1:7c:d4:7b:47:8e:0b:31:3d:ff:8a:aa:0c:be:57:f7:65:75:fb:e8:fc:a7:d8:cf:61:7b:ba:c3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-wow64-l1-1-0

bcrypt

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-1-0

crypt32

ncrypt

api-ms-win-core-profile-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-registry-l2-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 694KB - Virtual size: 693KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f0:33:34:17:a1:7c:d4:7b:47:8e:0b:31:3d:ff:8a:aa:0c:be:57:f7:65:75:fb:e8:fc:a7:d8:cf:61:7b:ba:c3
Signer

.text
Size: 694KB - Virtual size: 693KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB