cryptext[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cryptext.dll
Size

66KB
MD5

2514bea59af7f4593f1ca3b2e4f29153
SHA1

d3ba93bbfd86ff921485f576d609218de961b5d1
SHA256

dc8c8143c69999d0ae6284d23802cf7448e024c055201cd2b50be1092b528f07
SHA512

699f3478e83a83bf9bec865901136c6f8431d101b4a6af4efca7677b54249bd125eea0c46f32a2198265c5bc2aaffbcc1cd33406a620a8dd2b8e52eee5c4a94a
SSDEEP

1536:/SJ9Sw9nKCpXImUdionoPpA859367SLnmDt4bhXC:6J5nKSImUdYdE7SLmDt4b4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cryptext.dll

Files

cryptext.dll
.dll regsvr32 windows:6 windows x64 arch:x64

0f1711be215658a492b4943915cc603b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cryptext.pdb

Imports

msvcrt

memset
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_wtol
_vsnwprintf
_wcsicmp
realloc
malloc
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
strcmp

crypt32

CryptMsgClose
CryptStringToBinaryA
CryptMsgGetParam
CertFreeCTLContext
CertCloseStore
CertFreeCertificateContext
CertFreeCRLContext
CryptQueryObject

cryptui

CryptUIGetViewSignaturesPagesW
CryptUIDlgViewCTLA
CryptUIWizImportInternal
CryptUIDlgViewCRLW
CryptUIDlgViewCRLA
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCertificateA
CryptUIWizImport

shell32

CommandLineToArgvW
DragQueryFileW
ShellExecuteW

user32

MessageBoxW
GetActiveWindow
CharNextA
GetMenuDefaultItem
LoadStringW
SetMenuDefaultItem
InsertMenuW
SetMenuItemInfoA

kernel32

SetLastError
GetProcAddress
OutputDebugStringA
FindActCtxSectionStringW
GetFileAttributesW
GetFileSize
FindResourceA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
lstrcpynA
FreeLibrary
LoadResource
GetCurrentProcess
WideCharToMultiByte
SizeofResource
HeapDestroy
LeaveCriticalSection
MultiByteToWideChar
DeactivateActCtx
lstrcmpiA
VirtualAlloc
EnterCriticalSection
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
VirtualProtect
GetCurrentThreadId
GetVersionExA
CloseHandle
lstrcpyA
GetModuleFileNameW
FormatMessageW
CreateFileW
LocalAlloc
LocalFree
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryW
ActivateActCtx
CreateActCtxW
QueryActCtxW
GetModuleHandleExW
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetLastError
GetSystemDirectoryW

ole32

CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReleaseStgMedium

oleaut32

SysFreeString
RegisterTypeLi
VarI4FromStr
LoadTypeLi
SysAllocStringByteLen

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExA

Exports

Exports

CryptExtAddCER
CryptExtAddCERMachineOnlyAndHwndW
CryptExtAddCERW
CryptExtAddCRL
CryptExtAddCRLW
CryptExtAddCTL
CryptExtAddCTLW
CryptExtAddP7R
CryptExtAddP7RW
CryptExtAddPFX
CryptExtAddPFXMachineOnlyAndHwndW
CryptExtAddPFXW
CryptExtAddSPC
CryptExtAddSPCW
CryptExtOpenCAT
CryptExtOpenCATW
CryptExtOpenCER
CryptExtOpenCERW
CryptExtOpenCRL
CryptExtOpenCRLW
CryptExtOpenCTL
CryptExtOpenCTLW
CryptExtOpenP7R
CryptExtOpenP7RW
CryptExtOpenPKCS7
CryptExtOpenPKCS7W
CryptExtOpenSTR
CryptExtOpenSTRW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
I_InvokeCommand

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f1711be215658a492b4943915cc603b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

crypt32

cryptui

shell32

user32

kernel32

ole32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 740B

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 740B