credui.dll

  • File Path: C:\Windows\SysWOW64\credui.dll
  • Description: Credential Manager User Interface

DLL Exports:

Function Name                            Ordinal  Type
CredUIStoreSSOCredA                      17       Exported Function
CredUIStoreSSOCredW                      18       Exported Function
CredUnPackAuthenticationBufferA          19       Exported Function
CredUIPromptForWindowsCredentialsWorker  14       Exported Function
CredUIReadSSOCredA                       15       Exported Function
CredUIReadSSOCredW                       16       Exported Function
CredUnPackAuthenticationBufferW          20       Exported Function
SspiPromptForCredentialsW                24       Exported Function
SspiUnmarshalCredUIContext               25       Exported Function
SspiUpdateCredentials                    26       Exported Function
SspiGetCredUIContext                     21       Exported Function
SspiIsPromptingNeeded                    22       Exported Function
SspiPromptForCredentialsA                23       Exported Function
CredUICmdLinePromptForCredentialsW       4        Exported Function
CredUIConfirmCredentialsA                5        Exported Function
CredUIConfirmCredentialsW                6        Exported Function
CredPackAuthenticationBufferA            1        Exported Function
CredPackAuthenticationBufferW            2        Exported Function
CredUICmdLinePromptForCredentialsA       3        Exported Function
CredUIInitControls                       7        Exported Function
CredUIPromptForCredentialsW              11       Exported Function
CredUIPromptForWindowsCredentialsA       12       Exported Function
CredUIPromptForWindowsCredentialsW       13       Exported Function
CredUIParseUserNameA                     8        Exported Function
CredUIParseUserNameW                     9        Exported Function
CredUIPromptForCredentialsA              10       Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credui.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/4288e15a70f67833f82c5a5a7ec1eb733cb3d305693a72d9a3085474ee14fe26/detection/

Possible Misuse

The following table contains possible examples of credui.dll being misused. While credui.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source  Source File                           Example           License
sigma   image_load_uipromptforcreds_dlls.yml  - '\credui.dll'   DRL 1.0
sigma   image_load_uipromptforcreds_dlls.yml  - 'credui.dll'    DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.