credssp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
credssp.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
credssp.dll
Resource
win10v2004-20240508-en
General
Target: credssp.dll
Size: 22KB
MD5: 939ee13f97e0e27b17cd7a21e7bdfe8b
SHA1: 2d428627c45646824169803a49708a856ffc0c0d
SHA256: 7ee5b7d9d4cf7dd4ead7e0d44e45f27ab41a1b39354c519cc59a1f6dd891a2e3
SHA512: 8a2031266d99c843c94186ee1987cf2c6ad5359723c87f0ff6ba945e96250124ad700c6fdda7f2d67009d4f03df4f220ecbb5b5920d377e0eff3a21b7e75d645
SSDEEP: 384:h1D6q0ngEHwWGHEfV2TZ6+xs2krxNmqPi32nQXggPJ+WwRW:h1FCO6Cs2FsgPu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource credssp.dll
Files
credssp.dll.dll windows:6 windows x64 arch:x64
a891f75728c684731e03813832420156
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
memcpy
wcscpy_s
_XcptFilter
_amsg_exit
memmove
free
_wcsicmp
malloc
_initterm
__C_specific_handler
_wcsnicmp
wcsncpy_s
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
sspicli
FreeContextBuffer
QuerySecurityPackageInfoW
InitializeSecurityContextW
SetCredentialsAttributesW
AcquireCredentialsHandleW
EncryptMessage
QueryContextAttributesW
ImpersonateSecurityContext
MakeSignature
VerifySignature
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
AcceptSecurityContext
QuerySecurityContextToken
DeleteSecurityContext
RevertSecurityContext
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-2
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-2-1
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-errorhandling-l1-1-1
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
ntasn1
ord37
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
DelayLoadFailureHook
Exports
InitSecurityInterfaceW
SpAcceptSecurityContext
SpAcquireCredentialsHandleW
SpAddCredentialsW
SpApplyControlToken
SpChangeAccountPasswordW
SpCompleteAuthToken
SpDecryptMessage
SpDeleteSecurityContext
SpEncryptMessage
SpEnumerateSecurityPackagesW
SpExportSecurityContext
SpFreeContextBuffer
SpFreeCredentialsHandle
SpImpersonateSecurityContext
SpImportSecurityContextW
SpInitializeSecurityContextW
SpMakeSignature
SpQueryContextAttributesW
SpQueryCredentialsAttributesW
SpQuerySecurityContextToken
SpQuerySecurityPackageInfoW
SpRevertSecurityContext
SpSetContextAttributesW
SpSetCredentialsAttributesW
SpVerifySignature
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ