NtlmShared.dll

  • File Path: C:\Windows\system32\NtlmShared.dll
  • Description: NTLM Shared Functionality

Hashes

Type Hash
MD5 68A29D04B882CD44F52590F6E5944320
SHA1 8251967983CF1E30A94C206AD60A3F6452D22ABD
SHA256 62DE61059EF368F60F71C5C36101C1C8F035ECED8EA3F987DB1752AFC1FFC8C4
SHA384 84C29A85A44432A864E2EAFC29F37725629C19F02B5A4923BE560EBE60A3FB9BE861FDCB2BCCFC9BB89E7B0ADD80CBC1
SHA512 9D984F897ABCD0E6F832D626758621B4D61C94C8E96C26990DD10C387BFA38AFC31FDC6139B8A2ACC07FD228D1CB897848979EAC4D5FC305B9833EE7DCC1946B
SSDEEP 1536:i7jqbKtBqD/38km5L1AasZOKwxvIDlOvaf6KsOpRPju:i7juFm5L1AasQIfTlRru
IMP 6D69616C8CEDD32FEB34C17F6F0E5893
PESHA1 B3F15D2A5910D0DEDFA76F690F0412D69AE96D41
PE256 44B92154268301508B160E2D0AFAAB620DD82836460EE194E63458FFF4285ED6

DLL Exports:

Function Name Ordinal Type
MsvpUpdateSharedConfiguration 19 Exported Function
MsvpValidateSupplementalCreds 20 Exported Function
MsvpValidateSupplementalCredsBuffer 21 Exported Function
MsvpPutClearOwfsInPrimaryCredential 18 Exported Function
MsvpNtlm3Response 15 Exported Function
MsvpNtlm3ValidateResponse 16 Exported Function
MsvpPasswordValidate 17 Exported Function
NtlmSharedFree 26 Exported Function
NtlmSharedFreePrivateHeap 27 Exported Function
NtlmSharedInit 28 Exported Function
NtlmSharedCleanup 25 Exported Function
NtLmAlterRtlEqualUnicodeString 22 Exported Function
NtlmSharedAllocate 23 Exported Function
NtlmSharedAllocatePrivateHeap 24 Exported Function
MsvpCompareCredentials 5 Exported Function
MsvpComputeSaltedHashedPassword 6 Exported Function
MsvpCredentialToCachePasswords 7 Exported Function
MsvpCalculateNtlm3Owf 4 Exported Function
MsvpCachePasswordsToCredential 1 Exported Function
MsvpCalculateNtlm2Challenge 2 Exported Function
MsvpCalculateNtlm2SessionKeys 3 Exported Function
MsvpLm3Response 12 Exported Function
MsvpLm3ValidateResponse 13 Exported Function
MsvpMakeSecretPasswordNT5 14 Exported Function
MsvpLm20GetNtlm3ChallengeResponse 11 Exported Function
MsvpDecryptDpapiMasterKey 8 Exported Function
MsvpDeriveSecureCredKey 9 Exported Function
MsvpGMSACred 10 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NtlmShared.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/62de61059ef368f60f71c5c36101c1c8f035eced8ea3f987db1752afc1ffc8c4/detection/

MIT License. Copyright (c) 2020-2021 Strontic.