CryptoWinRT[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CryptoWinRT.dll
Size

241KB
MD5

30a0b6dcffd3027fe270b094a9c976d2
SHA1

d675ac2b6eae657d9b1ca971fad15f7c3e46435d
SHA256

26c3fd392ea2b759592e3573154611e92234b613c0a5c4fc4f2c5a68e6f8c0a7
SHA512

153d3167b0f14cc333102694ed41ff1944ab177b6f96cb43788f0aabbadd7c723c0a4cb11720b462661a92285c2d9cf04c25b34f52eb596d454265fc31119747
SSDEEP

3072:ZBwllMeLkSBV8f3sCxUQZ85Keq6xz0r0GF1dcaIDxsvJN4dE2JfIy//DYxUwe2po:wAzEC96VK0GdiDxwJQpOTKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CryptoWinRT.dll

Files

CryptoWinRT.dll
.dll windows:6 windows x64 arch:x64

c41c018db65b8cc6419b40fada1f4334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CryptoWinRT.pdb

Imports

msvcrt

_XcptFilter
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
memcmp
__C_specific_handler
memcpy
_initterm
malloc
free
_amsg_exit
memset
wcscmp

bcrypt

BCryptEncrypt
BCryptGenerateKeyPair
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptDestroyKey
BCryptSignHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCreateHash
BCryptKeyDerivation
BCryptExportKey
BCryptSetProperty
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider

ncrypt

NCryptOpenStorageProvider
NCryptSetProperty
NCryptFinalizeKey
NCryptFreeObject
NCryptImportKey
NCryptExportKey
NCryptCreateProtectionDescriptor
NCryptProtectSecret
NCryptStreamClose
NCryptCloseProtectionDescriptor
NCryptStreamUpdate
NCryptStreamOpenToProtect
NCryptEncrypt
NCryptVerifySignature
NCryptSignHash
NCryptDecrypt
NCryptGetProperty
NCryptStreamOpenToUnprotect
NCryptUnprotectSecret

ntdll

LdrDisableThreadCalloutsForDll
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlFreeHeap
RtlAllocateHeap
RtlImageNtHeader
wcsncmp
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCompareMemory

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameW

rpcrt4

NdrStubForwardingFunction
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrStubCall3
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerRelease

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsDeleteStringBuffer
HSTRING_UserSize64
WindowsCreateStringReference
WindowsDeleteString
WindowsPreallocateStringBuffer
HSTRING_UserFree
WindowsIsStringEmpty
HSTRING_UserSize
HSTRING_UserMarshal64
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsStringHasEmbeddedNull
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
HSTRING_UserMarshal

api-ms-win-core-synch-l1-2-0

Sleep
WaitForSingleObject
AcquireSRWLockShared
InitializeSRWLock
InitOnceExecuteOnce
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventExW
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId
SetThreadStackGuarantee
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoGetApartmentType
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoWaitForMultipleHandles

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
RoTransformError
RoOriginateError
RoOriginateErrorW

crypt32

CryptDecodeObjectEx
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptEncodeObjectEx
CryptImportPublicKeyInfoEx2

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-memory-l1-1-2

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

combase

ord23
ord5
ord13
ord33
ord12
ord10
ord9
ord8
ord11
ord19
ord34
ord15
ord32
ord6
ord16
ord7
ord14
ord22
ord21
ord17
ord2
ord18
ord20

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c41c018db65b8cc6419b40fada1f4334

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

bcrypt

ncrypt

ntdll

api-ms-win-core-libraryloader-l1-2-0

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

crypt32

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-threadpool-legacy-l1-1-0

combase

api-ms-win-core-winrt-robuffer-l1-1-0

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 210KB

.orpc Size: 512B - Virtual size: 494B

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 210KB - Virtual size: 210KB

.orpc
Size: 512B - Virtual size: 494B

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 10KB - Virtual size: 9KB