Field | Value |
---|---|
Created | 2025.01.08 13:51 |
Machine | s1_win7_x6403 |
Filename | sspicli.dll |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 109ff3fb0cefd81e8073175171cb3b4b |
sha256 | 7498a07f903486473cce83fbf16b88009765af98326e1ebef4c48f103b874f65 |
ssdeep | 6144:PIbAH0XjiXhSn08+uQg934kr3wcjOgLTxFN:P1H0XjiXhSn08UeUgL |
imphash | fc038fb8a9f9f5d46d7cfe8ea3607fdc |
impfuzzy | 24:3ycDoYS1o0qtuVlJnc+pl39/CuYomDSOovbO9ZWqv2Z/GMA:fS1YtuFc+ppQuY1J3Tr |
Signatures (3 counts)
Level | Description |
---|---|
watch | Uses Sysinternals tools in order to add additional command line functionality |
notice | Uses Windows utilities for basic Windows functionality |
info | Checks if process is being debugged by a debugger |
Rules (7 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata IDS
PE API
IAT (Import Address Table)
KERNEL32.dll
0x18003d000 CreateFileA
0x18003d008 GetFileSize
0x18003d010 ReadFile
0x18003d018 CloseHandle
0x18003d020 VirtualAlloc
0x18003d028 VirtualProtect
0x18003d030 VirtualFree
0x18003d038 GetProcAddress
0x18003d040 LoadLibraryW
0x18003d048 CreateFileW
0x18003d050 QueryPerformanceCounter
0x18003d058 GetCurrentProcessId
0x18003d060 GetCurrentThreadId
0x18003d068 GetSystemTimeAsFileTime
0x18003d070 InitializeSListHead
0x18003d078 RtlCaptureContext
0x18003d080 RtlLookupFunctionEntry
0x18003d088 RtlVirtualUnwind
0x18003d090 IsDebuggerPresent
0x18003d098 UnhandledExceptionFilter
0x18003d0a0 SetUnhandledExceptionFilter
0x18003d0a8 GetStartupInfoW
0x18003d0b0 IsProcessorFeaturePresent
0x18003d0b8 GetModuleHandleW
0x18003d0c0 GetCurrentProcess
0x18003d0c8 TerminateProcess
0x18003d0d0 RtlUnwindEx
0x18003d0d8 InterlockedFlushSList
0x18003d0e0 GetLastError
0x18003d0e8 SetLastError
0x18003d0f0 EnterCriticalSection
0x18003d0f8 LeaveCriticalSection
0x18003d100 DeleteCriticalSection
0x18003d108 InitializeCriticalSectionAndSpinCount
0x18003d110 TlsAlloc
0x18003d118 TlsGetValue
0x18003d120 TlsSetValue
0x18003d128 TlsFree
0x18003d130 FreeLibrary
0x18003d138 LoadLibraryExW
0x18003d140 EncodePointer
0x18003d148 RaiseException
0x18003d150 RtlPcToFileHeader
0x18003d158 ExitProcess
0x18003d160 GetModuleHandleExW
0x18003d168 GetModuleFileNameW
0x18003d170 HeapAlloc
0x18003d178 HeapSize
0x18003d180 HeapValidate
0x18003d188 GetSystemInfo
0x18003d190 FindClose
0x18003d198 FindFirstFileExW
0x18003d1a0 FindNextFileW
0x18003d1a8 IsValidCodePage
0x18003d1b0 GetACP
0x18003d1b8 GetOEMCP
0x18003d1c0 GetCPInfo
0x18003d1c8 GetCommandLineA
0x18003d1d0 GetCommandLineW
0x18003d1d8 MultiByteToWideChar
0x18003d1e0 WideCharToMultiByte
0x18003d1e8 GetEnvironmentStringsW
0x18003d1f0 FreeEnvironmentStringsW
0x18003d1f8 FlsAlloc
0x18003d200 FlsGetValue
0x18003d208 FlsSetValue
0x18003d210 FlsFree
0x18003d218 LCMapStringW
0x18003d220 GetProcessHeap
0x18003d228 GetStdHandle
0x18003d230 GetFileType
0x18003d238 HeapFree
0x18003d240 HeapReAlloc
0x18003d248 HeapQueryInformation
0x18003d250 WriteFile
0x18003d258 OutputDebugStringW
0x18003d260 WriteConsoleW
0x18003d268 GetStringTypeW
0x18003d270 SetStdHandle
0x18003d278 SetFilePointerEx
0x18003d280 FlushFileBuffers
0x18003d288 GetConsoleOutputCP
0x18003d290 GetConsoleMode
EAT (Export Address Table)
0x18004f9bc AcceptSecurityContext
0x18004fa0c AcquireCredentialsHandleA
0x18004fa60 AcquireCredentialsHandleW
0x18004faaa AddCredentialsA
0x18004faea AddCredentialsW
0x18004fb2e AddSecurityPackageA
0x18004fb76 AddSecurityPackageW
0x18004fbbc ApplyControlToken
0x18004fc05 ChangeAccountPasswordA
0x18004fc53 ChangeAccountPasswordW
0x18004fc9c CompleteAuthToken
0x18004fce4 CredMarshalTargetInfo
0x18004fd32 CredUnmarshalTargetInfo
0x18004fd79 DecryptMessage
0x18004fdbe DeleteSecurityContext
0x18004fe0b DeleteSecurityPackageA
0x18004fe59 DeleteSecurityPackageW
0x18004fe9f EncryptMessage
0x18004fee9 EnumerateSecurityPackagesA
0x18004ff3f EnumerateSecurityPackagesW
0x18004ff90 ExportSecurityContext
0x18004ffd8 FreeContextBuffer
0x180050020 FreeCredentialsHandle
0x18005006a GetSecurityUserInfo
0x1800500ad GetUserNameExA
0x180001010 GetUserNameExW
0x180050106 ImpersonateSecurityContext
0x180050158 ImportSecurityContextA
0x1800501a6 ImportSecurityContextW
0x1800501f4 InitSecurityInterfaceA
0x180050242 InitSecurityInterfaceW
0x180050294 InitializeSecurityContextA
0x1800502ea InitializeSecurityContextW
0x180050334 LogonUserExExW
0x180050380 LsaCallAuthenticationPackage
0x1800503d1 LsaConnectUntrusted
0x18005041f LsaDeregisterLogonProcess
0x180050473 LsaEnumerateLogonSessions
0x1800504c1 LsaFreeReturnBuffer
0x18005050c LsaGetLogonSessionData
0x180050550 LsaLogonUser
0x18005059c LsaLookupAuthenticationPackage
0x1800505f3 LsaRegisterLogonProcess
0x18005064f LsaRegisterPolicyChangeNotification
0x1800506b9 LsaUnregisterPolicyChangeNotification
0x18005070d MakeSignature
0x180050753 QueryContextAttributesA
0x1800507a5 QueryContextAttributesExA
0x1800507f9 QueryContextAttributesExW
0x18005084b QueryContextAttributesW
0x18005089f QueryCredentialsAttributesA
0x1800508f9 QueryCredentialsAttributesExA
0x180050955 QueryCredentialsAttributesExW
0x1800509af QueryCredentialsAttributesW
0x180050a05 QuerySecurityContextToken
0x180050a59 QuerySecurityPackageInfoA
0x180050aad QuerySecurityPackageInfoW
0x180050afd RevertSecurityContext
0x180050b4d SaslAcceptSecurityContext
0x180050b9e SaslEnumerateProfilesA
0x180050bec SaslEnumerateProfilesW
0x180050c38 SaslGetContextOption
0x180050c84 SaslGetProfilePackageA
0x180050cd2 SaslGetProfilePackageW
0x180050d1e SaslIdentifyPackageA
0x180050d68 SaslIdentifyPackageW
0x180050dbc SaslInitializeSecurityContextA
0x180050e1a SaslInitializeSecurityContextW
0x180050e6e SaslSetContextOption
0x180050eaf SealMessage
0x180050ef0 SecCacheSspiPackages
0x180050f3e SecDeleteUserModeContext
0x180050f8e SecInitUserModeContext
0x180050fe1 SeciAllocateAndSetCallFlags
0x18005103a SeciAllocateAndSetCallTarget
0x180051093 SeciAllocateAndSetIPAddress
0x1800510e3 SeciFreeCallContext
0x18005112b SeciIsProtectedUser
0x180051175 SetContextAttributesA
0x1800511c1 SetContextAttributesW
0x180051211 SetCredentialsAttributesA
0x180051265 SetCredentialsAttributesW
0x1800512b9 SspiCompareAuthIdentities
0x180051308 SspiCopyAuthIdentity
0x180051355 SspiDecryptAuthIdentity
0x1800513a7 SspiDecryptAuthIdentityEx
0x180051401 SspiEncodeAuthIdentityAsStrings
0x180051461 SspiEncodeStringsAsAuthIdentity
0x1800514b9 SspiEncryptAuthIdentity
0x18005150b SspiEncryptAuthIdentityEx
0x180051558 SspiExcludePackage
0x1800515a0 SspiFreeAuthIdentity
0x1800515ef SspiGetComputerNameForSPN
0x18005163f SspiGetTargetHostName
0x180051691 SspiIsAuthIdentityEncrypted
0x1800516db SspiLocalFree
0x180051721 SspiMarshalAuthIdentity
0x180051770 SspiPrepareForCredRead
0x1800517bf SspiPrepareForCredWrite
0x180051812 SspiSetChannelBindingFlags
0x180051867 SspiUnmarshalAuthIdentity
0x1800518c3 SspiUnmarshalAuthIdentityInternal
0x18005191e SspiValidateAuthIdentity
0x18005196c SspiZeroAuthIdentity
0x1800519af UnsealMessage
0x1800519ed VerifySignature