cryptuiwizard[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cryptuiwizard.dll
Size

372KB
MD5

09da1d7df80af867c9924172e878b3af
SHA1

7cb0fb73ba3f8db3fdbc00c3a6d6f022c0751589
SHA256

8dd6e57afe613c2c01060d8c11acc23b7b629e164e846f13b0c94f9061278e0c
SHA512

a09520626a2132db57bbd4297e7c889dbb66912f946d84f6860cd4cfc0a60e01a0965a1e6f4f396a36d8bf11fa9568aebc03449e18e14f3b8f97f598a7ca510a
SSDEEP

3072:MnKdsjZUBWvAfWQUdJZl27gVeaxk52+j5Qo:8DWJ5UdJDVeaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cryptuiwizard.dll

Files

cryptuiwizard.dll
.dll windows:6 windows x64 arch:x64

8372ef310404d0e6f4ee9d30478fd998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cryptuiwizard.pdb

Imports

msvcrt

memcmp
memcpy
memset
_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_wcsicmp
_vsnwprintf
iswprint
_wtol
_ltow
_wcsnicmp
_itow
??3@YAXPEAX@Z
wcschr
_swab
strtoul
strcmp

cryptui

FormatDateStringAutoLayout
InvokeHelpLink
AddChainToStore
MyFormatEnhancedKeyUsageString
CryptUIDlgViewCertificateA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectStoreA
GetUnknownErrorString
CompareCertificate
CommonInit
DisplayHtmlHelp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

crypt32

PFXImportCertStore
CryptQueryObject
CryptBinaryToStringW
CertAddCRLContextToStore
CertEnumCTLsInStore
CertGetCRLFromStore
CertFindCTLInStore
PFXVerifyPassword
CryptFindCertificateKeyProvInfo
CertGetEnhancedKeyUsage
CertFindCRLInStore
CertFreeCRLContext
CryptStringToBinaryA
CertEnumCertificateContextProperties
CryptDecodeObject
PFXExportCertStoreEx
CertSaveStore
CryptBinaryToStringA
CryptAcquireCertificatePrivateKey
CertSetCertificateContextProperty
CertVerifyTimeValidity
CryptFindOIDInfo
CertAddCTLContextToStore
CryptFormatObject
CryptMsgEncodeAndSignCTL
CertGetNameStringW
CertGetValidUsages
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertGetCTLContextProperty
CertSetCTLContextProperty
CertGetStoreProperty
CertEnumCertificatesInStore
CertFreeCTLContext
CertEnumSystemStore
CertDuplicateCertificateContext
CertCreateCTLContext
CryptEnumOIDInfo
CryptEncodeObject
CryptDecodeObjectEx
CertFindExtension
CertAddCertificateContextToStore
CryptSIPRetrieveSubjectGuid

advapi32

LookupAccountNameW
ConvertSidToStringSidW

user32

LoadStringA
GetDC
SystemParametersInfoW
ReleaseDC
InvalidateRect
ShowWindow
SendMessageW
LoadImageW
RegisterClipboardFormatA
DestroyIcon
SendDlgItemMessageW
GetWindowLongPtrA
SendDlgItemMessageA
DialogBoxParamW
GetParent
SetFocus
SendMessageA
GetDlgItem
EndDialog
LoadStringW
SetWindowLongPtrA
PostMessageA
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemTextA
SetWindowTextW
MessageBoxExW
EnableWindow

secur32

GetUserNameExW

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps

certenroll

ord41
ord42

kernel32

GetFileSize
DelayLoadFailureHook
DeleteFileW
lstrcmpiW
ResolveDelayLoadedAPI
LocalAlloc
GetCurrentDirectoryW
GlobalUnlock
LocalReAlloc
GlobalLock
GetSystemDirectoryW
WideCharToMultiByte
ReadFile
CreateFileW
GetACP
GetModuleHandleA
ExpandEnvironmentStringsW
DeactivateActCtx
MultiByteToWideChar
GetModuleFileNameW
OutputDebugStringA
FileTimeToSystemTime
FormatMessageW
LoadLibraryW
ActivateActCtx
CreateActCtxW
QueryActCtxW
WriteFile
GetModuleHandleExW
SystemTimeToFileTime
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
SetLastError
GetProcAddress
LoadLibraryA
LocalFree
FindActCtxSectionStringW
GetFileType
CloseHandle
GetLastError

Exports

Exports

CryptUIWizBuildCTL
CryptUIWizDigitalSign
CryptUIWizExport
CryptUIWizFreeDigitalSignContext
CryptUIWizImport
CryptUIWizImportInternal
DllMain
GetFunctionTable

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8372ef310404d0e6f4ee9d30478fd998

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

cryptui

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

crypt32

advapi32

user32

secur32

gdi32

certenroll

kernel32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 257KB - Virtual size: 256KB

.reloc Size: 512B - Virtual size: 152B

.text
Size: 103KB - Virtual size: 102KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 257KB - Virtual size: 256KB

.reloc
Size: 512B - Virtual size: 152B