capisp.dll

  • File Path: C:\Windows\system32\capisp.dll
  • Description: Sysprep cleanup dll for CAPI

DLL Exports:

Function Name | Ordinal | Type
CryptoSysPrep_Specialize_Clone | 4 | Exported Function
CryptoSysPrep_Specialize_Offline | 5 | Exported Function
CryptoSysPrep_Specialize | 3 | Exported Function
CAPISysPrep_Generalize | 1 | Exported Function
CryptoSysPrep_Clean | 2 | Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: capisp.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/9eecebc9015e62574a1e0453b82e2b08587f6837b9706d79aa3cc847036e6314/detection/

Possible Misuse

The following table contains possible examples of capisp.dll being misused. While capisp.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | part1.adoc | www.capisp.com | © ESET 2014-2018

MIT License. Copyright (c) 2020 Strontic.