Static task
static1
Behavioral task
behavioral1
Sample
crypt32.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
crypt32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Target
crypt32.dll
Size
2.4MB
MD5
ebcccd9c28df6afcf23887063d72f849
SHA1
e9fbbf9a033acd656e420a38eae5d065e8315e7b
SHA256
e8f1d5ad06e05568db0fad2eb0aa3e87c0b8f664c2da46daedf154ad0f2dfa35
SHA512
e8fa7cf60d69d3f854d5aa8421664deba8641035038429193df4f0292e07b26e42d831cc3ac3be241b0e5c1f446ca42490bbfcbe572d71a3f9da917b22ef81c4
SSDEEP
49152:cplm5IPf4Wb93hmVi2Zg74uMXO58Yw806RsfytHra9qT:MA29xw7g749t4T
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
crypt32.pdb
_lock
_unlock
__dllonexit
_onexit
__C_specific_handler
strcmp
memset
memcpy
memcmp
atol
_initterm
malloc
free
_amsg_exit
_XcptFilter
qsort_s
_itoa_s
iswalnum
iswspace
toupper
_ultoa_s
memmove
_wcsicmp
wcsrchr
_ultow_s
_itow
wcsstr
_vsnwprintf
strncmp
_vsnprintf
isdigit
isupper
isxdigit
qsort
bsearch
_ltoa
strtoul
_ltow
iswalpha
wcstoul
wcschr
wcscmp
RegNotifyChangeKeyValue
RegQueryValueExA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegLoadMUIStringW
RegEnumKeyExW
RegSetValueExA
RegEnumValueW
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExA
RegDeleteKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegCreateKeyExW
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
Sleep
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
CreateEventA
InitializeCriticalSection
GetCommandLineA
GetEnvironmentVariableA
ExpandEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
SetThreadToken
SetThreadStackGuarantee
CreateThread
OpenThreadToken
ExitThread
TerminateProcess
OpenProcessToken
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetVersionExA
GetSystemTime
GetSystemInfo
GetLocalTime
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetLengthSid
IsValidSid
CopySid
RevertToSelf
ImpersonateSelf
GetSidSubAuthorityCount
FreeSid
GetSidSubAuthority
SetFileSecurityW
GetSidIdentifierAuthority
GetFileSecurityW
AddAce
AddAccessAllowedAceEx
GetAclInformation
GetSecurityDescriptorDacl
AccessCheck
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
CheckTokenCapability
GetAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
AdjustTokenPrivileges
MakeSelfRelativeSD
SetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessAllowedAce
InitializeAcl
GetSecurityDescriptorSacl
EqualSid
DuplicateHandle
CloseHandle
FormatMessageW
IdnToUnicode
IdnToAscii
GetACP
OutputDebugStringA
FindFirstFileW
FindNextFileW
FindClose
FindNextChangeNotification
FindCloseChangeNotification
DeleteFileW
CompareFileTime
SetFilePointer
ReadFile
WriteFile
CreateFileW
FileTimeToLocalFileTime
SetEndOfFile
GetFileSize
FindFirstChangeNotificationW
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
CreateFileA
FileTimeToSystemTime
SystemTimeToFileTime
LoadLibraryExW
GetModuleFileNameW
LoadStringW
FreeLibraryAndExitThread
FreeResource
LoadResource
SizeofResource
LockResource
GetModuleHandleW
FreeLibrary
GetProcAddress
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
MapViewOfFile
VirtualProtect
VirtualAlloc
UnmapViewOfFile
VirtualQuery
QueryFullProcessImageNameW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
LocalFree
LocalAlloc
LocalSize
LocalReAlloc
CompareStringA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
lstrlenW
lstrcmpiW
lstrcmpA
lstrlenA
UnregisterWaitEx
LoadLibraryA
FindResourceExA
CreateFileMappingA
GetComputerNameW
RegisterWaitForSingleObjectEx
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
ASN1BERDecPeekTag
ASN1_CreateModule
ASN1DEREncOctetString
ASN1BERDecExplicitTag
ASN1BERDecMultibyteString
ASN1BERDecNotEndOfContents
ASN1_SetEncoderOption
ASN1_Decode
ASN1_Encode
ASN1objectidentifier2_cmp
ASN1BERDecObjectIdentifier2
ASN1BEREncObjectIdentifier2
ASN1BERDecOctetString
ASN1octetstring_free
ASN1open_free
ASN1BERDecOpenType
ASN1BERDecNull
ASN1BEREncU32
ASN1BERDecCharString
ASN1intx_free
ASN1charstring_free
ASN1BEREoid_free
ASN1_CloseModule
ASN1DEREncGeneralizedTime
ASN1BERDecEndOfContents
ASN1DEREncBeginBlk
ASN1DEREncCharString
ASN1DecSetError
ASN1DEREncBitString
ASN1BERDecOctetString2
ASN1char32string_free
ASN1DEREncFlushBlkElement
ASN1BERDecChar16String
ASN1BERDecUTF8String
ASN1BEREncSX
ASN1BEREncEndOfContents
ASN1BERDecGeneralizedTime
ASN1BEREncS32
ASN1BERDecEoid
ASN1DEREncNewBlkElement
ASN1DEREncEndBlk
ASN1char16string_free
ASN1EncSetError
ASN1BERDecZeroCharString
ASN1BEREncBool
ASN1BEREncExplicitTag
ASN1BERDecBool
ASN1BEREncRemoveZeroBits
ASN1BERDecOpenType2
ASN1DEREncMultibyteString
ASN1bitstring_free
ASN1BERDecBitString
ASN1DecRealloc
ASN1BEREncNull
ASN1BEREncEoid
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1BERDecU16Val
ASN1BERDecS32Val
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1ztcharstring_free
ASN1BERDecU32Val
ASN1_CreateDecoder
ASN1BERDecSXVal
ASN1BEREoid2DotVal
ASN1Free
ASN1BERDecUTCTime
ASN1utf8string_free
ASN1DEREncUTF8String
ASN1DEREncChar16String
ASN1BERDecBitString2
ASN1BEREncOpenType
ASN1BERDecChar32String
ASN1DEREncChar32String
ASN1DEREncUTCTime
ASN1BERDotVal2Eoid
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationFile
EtwEventWriteFull
WinSqmIncrementDWORD
EtwEventUnregister
EvtIntReportEventAndSourceAsync
EtwEventRegister
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtQueryObject
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
ShipAssert
ResolveDelayLoadedAPI
DelayLoadFailureHook
CertAddCRLContextToStore
CertAddCRLLinkToStore
CertAddCTLContextToStore
CertAddCTLLinkToStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertAddEncodedCertificateToSystemStoreA
CertAddEncodedCertificateToSystemStoreW
CertAddEnhancedKeyUsageIdentifier
CertAddRefServerOcspResponse
CertAddRefServerOcspResponseContext
CertAddSerializedElementToStore
CertAddStoreToCollection
CertAlgIdToOID
CertCloseServerOcspResponse
CertCloseStore
CertCompareCertificate
CertCompareCertificateName
CertCompareIntegerBlob
CertComparePublicKeyInfo
CertControlStore
CertCreateCRLContext
CertCreateCTLContext
CertCreateCTLEntryFromCertificateContextProperties
CertCreateCertificateChainEngine
CertCreateCertificateContext
CertCreateContext
CertCreateSelfSignCertificate
CertDeleteCRLFromStore
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertDuplicateCTLContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCRLContextProperties
CertEnumCRLsInStore
CertEnumCTLContextProperties
CertEnumCTLsInStore
CertEnumCertificateContextProperties
CertEnumCertificatesInStore
CertEnumPhysicalStore
CertEnumSubjectInSortedCTL
CertEnumSystemStore
CertEnumSystemStoreLocation
CertFindAttribute
CertFindCRLInStore
CertFindCTLInStore
CertFindCertificateInCRL
CertFindCertificateInStore
CertFindChainInStore
CertFindExtension
CertFindRDNAttr
CertFindSubjectInCTL
CertFindSubjectInSortedCTL
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChainList
CertFreeCertificateContext
CertFreeServerOcspResponseContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertGetCTLContextProperty
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetNameStringA
CertGetNameStringW
CertGetPublicKeyLength
CertGetServerOcspResponseContext
CertGetStoreProperty
CertGetSubjectCertificateFromStore
CertGetValidUsages
CertIsRDNAttrsInCertificateName
CertIsStrongHashToSign
CertIsValidCRLForCertificate
CertNameToStrA
CertNameToStrW
CertOIDToAlgId
CertOpenServerOcspResponse
CertOpenStore
CertOpenSystemStoreA
CertOpenSystemStoreW
CertRDNValueToStrA
CertRDNValueToStrW
CertRegisterPhysicalStore
CertRegisterSystemStore
CertRemoveEnhancedKeyUsageIdentifier
CertRemoveStoreFromCollection
CertResyncCertificateChainEngine
CertRetrieveLogoOrBiometricInfo
CertSaveStore
CertSelectCertificateChains
CertSerializeCRLStoreElement
CertSerializeCTLStoreElement
CertSerializeCertificateStoreElement
CertSetCRLContextProperty
CertSetCTLContextProperty
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertSetStoreProperty
CertStrToNameA
CertStrToNameW
CertUnregisterPhysicalStore
CertUnregisterSystemStore
CertVerifyCRLRevocation
CertVerifyCRLTimeValidity
CertVerifyCTLUsage
CertVerifyCertificateChainPolicy
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyTimeValidity
CertVerifyValidityNesting
CryptAcquireCertificatePrivateKey
CryptBinaryToStringA
CryptBinaryToStringW
CryptCloseAsyncHandle
CryptCreateAsyncHandle
CryptCreateKeyIdentifierFromCSP
CryptDecodeMessage
CryptDecodeObject
CryptDecodeObjectEx
CryptDecryptAndVerifyMessageSignature
CryptDecryptMessage
CryptEncodeObject
CryptEncodeObjectEx
CryptEncryptMessage
CryptEnumKeyIdentifierProperties
CryptEnumOIDFunction
CryptEnumOIDInfo
CryptExportPKCS8
CryptExportPublicKeyInfo
CryptExportPublicKeyInfoEx
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptFindCertificateKeyProvInfo
CryptFindLocalizedName
CryptFindOIDInfo
CryptFormatObject
CryptFreeOIDFunctionAddress
CryptGetAsyncParam
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptGetKeyIdentifierProperty
CryptGetMessageCertificates
CryptGetMessageSignerCount
CryptGetOIDFunctionAddress
CryptGetOIDFunctionValue
CryptHashCertificate
CryptHashCertificate2
CryptHashMessage
CryptHashPublicKeyInfo
CryptHashToBeSigned
CryptImportPKCS8
CryptImportPublicKeyInfo
CryptImportPublicKeyInfoEx
CryptImportPublicKeyInfoEx2
CryptInitOIDFunctionSet
CryptInstallDefaultContext
CryptInstallOIDFunctionAddress
CryptLoadSip
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgCalculateEncodedLength
CryptMsgClose
CryptMsgControl
CryptMsgCountersign
CryptMsgCountersignEncoded
CryptMsgDuplicate
CryptMsgEncodeAndSignCTL
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptMsgSignCTL
CryptMsgUpdate
CryptMsgVerifyCountersignatureEncoded
CryptMsgVerifyCountersignatureEncodedEx
CryptObjectLocatorFree
CryptObjectLocatorGet
CryptObjectLocatorGetContent
CryptObjectLocatorGetUpdated
CryptObjectLocatorInitialize
CryptObjectLocatorIsChanged
CryptObjectLocatorRelease
CryptProtectData
CryptProtectMemory
CryptQueryObject
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CryptRegisterOIDInfo
CryptRetrieveTimeStamp
CryptSIPAddProvider
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPLoad
CryptSIPPutSignedDataMsg
CryptSIPRemoveProvider
CryptSIPRemoveSignedDataMsg
CryptSIPRetrieveSubjectGuid
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPVerifyIndirectData
CryptSetAsyncParam
CryptSetKeyIdentifierProperty
CryptSetOIDFunctionValue
CryptSignAndEncodeCertificate
CryptSignAndEncryptMessage
CryptSignCertificate
CryptSignMessage
CryptSignMessageWithKey
CryptStringToBinaryA
CryptStringToBinaryW
CryptUninstallDefaultContext
CryptUnprotectData
CryptUnprotectMemory
CryptUnregisterDefaultOIDFunction
CryptUnregisterOIDFunction
CryptUnregisterOIDInfo
CryptUpdateProtectedState
CryptVerifyCertificateSignature
CryptVerifyCertificateSignatureEx
CryptVerifyDetachedMessageHash
CryptVerifyDetachedMessageSignature
CryptVerifyMessageHash
CryptVerifyMessageSignature
CryptVerifyMessageSignatureWithKey
CryptVerifyTimeStampSignature
I_CertDiagControl
I_CertProtectFunction
I_CertSrvProtectFunction
I_CertSyncStore
I_CertUpdateStore
I_CryptAddRefLruEntry
I_CryptAddSmartCardCertToStore
I_CryptAllocTls
I_CryptCreateLruCache
I_CryptCreateLruEntry
I_CryptDetachTls
I_CryptDisableLruOfEntries
I_CryptEnableLruOfEntries
I_CryptEnumMatchingLruEntries
I_CryptFindLruEntry
I_CryptFindLruEntryData
I_CryptFindSmartCardCertInStore
I_CryptFlushLruCache
I_CryptFreeLruCache
I_CryptFreeTls
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
I_CryptGetDefaultCryptProv
I_CryptGetDefaultCryptProvForEncrypt
I_CryptGetFileVersion
I_CryptGetLruEntryData
I_CryptGetLruEntryIdentifier
I_CryptGetOssGlobal
I_CryptGetTls
I_CryptInsertLruEntry
I_CryptInstallAsn1Module
I_CryptInstallOssGlobal
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptRegisterSmartCardStore
I_CryptReleaseLruEntry
I_CryptRemoveLruEntry
I_CryptSetTls
I_CryptTouchLruEntry
I_CryptUninstallAsn1Module
I_CryptUninstallOssGlobal
I_CryptUnregisterSmartCardStore
I_CryptWalkAllLruCacheEntries
I_PFXImportCertStoreEx
PFXExportCertStore
PFXExportCertStore2
PFXExportCertStoreEx
PFXImportCertStore
PFXIsPFXBlob
PFXVerifyPassword
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ