credui.dll

  • File Path: C:\Windows\system32\credui.dll
  • Description: Credential Manager User Interface

Hashes

Type Hash
MD5 AB2D70C2228127485508AC08AB6E42D1
SHA1 5EA35C783D465C3D2159B132A308A2944FCCFD99
SHA256 1E68E7940D5BB31779F98B32C315DB64854A3714F52CAFEE17F8D283F32BD792
SHA384 9A748DFA87C1205254D1483DE39325E1BC8A8ABE06C79AF5D4FABA14628535C5ECE7CDB097F1183819B0731282B27ED6
SHA512 8FD5D81704A12AE081DD2E8DDBE6B529CD2E4F3B1CFCF5435896BE1EFC74D55784AF39992C9B3FD6B15D4B542AF07C0D2294863AEC38260CEAFE328CFB3582DE
SSDEEP 768:P16q/BN8GnzggWqiVURQ9JjfJjFDc3080Kg3YEwb:P16RmggJjQxCk80KCYVb
IMP DD5F8BDD2BB57E653A049126DE353907
PESHA1 A4A4A11427B98D755A4F778AE784EF49006701B9
PE256 15CC4D2527255E6D5CBABA700629706841BC83529548A316836297126DCBE32B

DLL Exports:

Function Name Ordinal Type
CredUIStoreSSOCredA 17 Exported Function
CredUIStoreSSOCredW 18 Exported Function
CredUnPackAuthenticationBufferA 19 Exported Function
CredUIPromptForWindowsCredentialsWorker 14 Exported Function
CredUIReadSSOCredA 15 Exported Function
CredUIReadSSOCredW 16 Exported Function
CredUnPackAuthenticationBufferW 20 Exported Function
SspiPromptForCredentialsW 24 Exported Function
SspiUnmarshalCredUIContext 25 Exported Function
SspiUpdateCredentials 26 Exported Function
SspiGetCredUIContext 21 Exported Function
SspiIsPromptingNeeded 22 Exported Function
SspiPromptForCredentialsA 23 Exported Function
CredUICmdLinePromptForCredentialsW 4 Exported Function
CredUIConfirmCredentialsA 5 Exported Function
CredUIConfirmCredentialsW 6 Exported Function
CredPackAuthenticationBufferA 1 Exported Function
CredPackAuthenticationBufferW 2 Exported Function
CredUICmdLinePromptForCredentialsA 3 Exported Function
CredUIInitControls 7 Exported Function
CredUIPromptForCredentialsW 11 Exported Function
CredUIPromptForWindowsCredentialsA 12 Exported Function
CredUIPromptForWindowsCredentialsW 13 Exported Function
CredUIParseUserNameA 8 Exported Function
CredUIParseUserNameW 9 Exported Function
CredUIPromptForCredentialsA 10 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: credui.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/1e68e7940d5bb31779f98b32c315db64854a3714f52cafee17f8d283f32bd792/detection/

Possible Misuse

The following table contains possible examples of credui.dll being misused. While credui.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_uipromptforcreds_dlls.yml - '\credui.dll' DRL 1.0
sigma image_load_uipromptforcreds_dlls.yml - 'credui.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.