kerberos.dll

  • File Path: C:\Windows\SysWOW64\kerberos.dll
  • Description: Kerberos Security Package

DLL Exports:

Function Name                    Ordinal  Type
SpInitialize                     1        Exported Function
KerbMakeKdcCall                  9        Exported Function
SpInstanceInit                   32       Exported Function
SpUserModeInitialize             4        Exported Function
SpLsaModeInitialize              3        Exported Function
KerbKdcCallBack                  8        Exported Function
KerbCreateTokenFromTicketForKdc  6        Exported Function
DllMain                          5        Exported Function
KerbDomainChangeCallback         2        Exported Function
KerbIsInitialized                7        Exported Function
Kerberos                         10       Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: kerberos.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.488 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.488
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/448b00cc8fd27205d1bbcf7058beef6561af90ee98d67e01cc09c7ea745ae4e3/detection/

Possible Misuse

The following table contains possible examples of kerberos.dll being misused. While kerberos.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source  Source File                                   Example                                                              License
sigma   image_load_susp_office_kerberos_dll_load.yml  title: Active Directory Kerberos DLL Loaded Via Office Applications  DRL 1.0
sigma   image_load_susp_office_kerberos_dll_load.yml  description: Detects Kerberos DLL being loaded by an Office Product  DRL 1.0
sigma   image_load_susp_office_kerberos_dll_load.yml  - '\kerberos.dll'                                                    DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.