NtlmShared.dll
- File Path:
C:\Windows\SysWOW64\NtlmShared.dll
- Description: NTLM Shared Functionality
Hashes
| Type |
Hash |
| MD5 |
D1DF6A4A5B29466176A49806C10F4FE4 |
| SHA1 |
3689FFB90D507C26AEBC318E0D5B08C8D3C81104 |
| SHA256 |
005A9EBA3B99727481BBDCFD86A59B1833D3978DA239F60A462386185883FE9F |
| SHA384 |
F15A946B23678C080219244CEE3F9200796132B6EF213D4C77363DEF91C8EDF3C0304DF3F9C7F50A7C71617E8F987FA8 |
| SHA512 |
45C2C0F48848940D4B2997F2B8983F87A5A93620FF0AFF286B4BEDB3563A59D212FAFE22D6BAFA44E9CAFE494845CDE33C1E38B29AFC216EBE58E6D2C61F9EE4 |
| SSDEEP |
1536:Wt5eRtymJJ343yAkIgDpFU1NUCpnY1CLwbT5BJmLKzT+nPWB:I2opnxwbVBJmuz2uB |
| IMP |
AA88CE810083E9C380AE5EC38B607E7C |
| PESHA1 |
35D2247A778849CE63BAF65A664E2C71645B7265 |
| PE256 |
ECA1417B3941536C8BB7320B3EACC2E9524BF224452099F65F4897E89F3B45BC |
DLL Exports:
| Function Name |
Ordinal |
Type |
MsvpUpdateSharedConfiguration |
19 |
Exported Function |
MsvpValidateSupplementalCreds |
20 |
Exported Function |
MsvpValidateSupplementalCredsBuffer |
21 |
Exported Function |
MsvpPutClearOwfsInPrimaryCredential |
18 |
Exported Function |
MsvpNtlm3Response |
15 |
Exported Function |
MsvpNtlm3ValidateResponse |
16 |
Exported Function |
MsvpPasswordValidate |
17 |
Exported Function |
NtlmSharedFree |
26 |
Exported Function |
NtlmSharedFreePrivateHeap |
27 |
Exported Function |
NtlmSharedInit |
28 |
Exported Function |
NtlmSharedCleanup |
25 |
Exported Function |
NtLmAlterRtlEqualUnicodeString |
22 |
Exported Function |
NtlmSharedAllocate |
23 |
Exported Function |
NtlmSharedAllocatePrivateHeap |
24 |
Exported Function |
MsvpCompareCredentials |
5 |
Exported Function |
MsvpComputeSaltedHashedPassword |
6 |
Exported Function |
MsvpCredentialToCachePasswords |
7 |
Exported Function |
MsvpCalculateNtlm3Owf |
4 |
Exported Function |
MsvpCachePasswordsToCredential |
1 |
Exported Function |
MsvpCalculateNtlm2Challenge |
2 |
Exported Function |
MsvpCalculateNtlm2SessionKeys |
3 |
Exported Function |
MsvpLm3Response |
12 |
Exported Function |
MsvpLm3ValidateResponse |
13 |
Exported Function |
MsvpMakeSecretPasswordNT5 |
14 |
Exported Function |
MsvpLm20GetNtlm3ChallengeResponse |
11 |
Exported Function |
MsvpDecryptDpapiMasterKey |
8 |
Exported Function |
MsvpDeriveSecureCredKey |
9 |
Exported Function |
MsvpGMSACred |
10 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: NtlmShared.dll
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/005a9eba3b99727481bbdcfd86a59b1833d3978da239f60a462386185883fe9f/detection/
MIT License. Copyright (c) 2020-2021 Strontic.