kerberos.dll

  • File Path: C:\Windows\system32\kerberos.dll
  • Description: Kerberos Security Package

Hashes


DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| SpInitialize | 1 | Exported Function |
| KerbMakeKdcCall | 9 | Exported Function |
| SpInstanceInit | 32 | Exported Function |
| SpUserModeInitialize | 4 | Exported Function |
| SpLsaModeInitialize | 3 | Exported Function |
| KerbKdcCallBack | 8 | Exported Function |
| KerbCreateTokenFromTicketForKdc | 6 | Exported Function |
| DllMain | 5 | Exported Function |
| KerbDomainChangeCallback | 2 | Exported Function |
| KerbIsInitialized | 7 | Exported Function |
| Kerberos | 10 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: kerberos.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/beabec4d2c6c0163c6d28c4621c8fc8550fdb14fd41b3c64ea7610e2930ea5b1/detection/

Possible Misuse

The following table contains possible examples of kerberos.dll being misused. While kerberos.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | image_load_susp_office_kerberos_dll_load.yml | `title: Active Directory Kerberos DLL Loaded Via Office Applications` | DRL 1.0 |
| sigma | image_load_susp_office_kerberos_dll_load.yml | `description: Detects Kerberos DLL being loaded by an Office Product` | DRL 1.0 |
| sigma | image_load_susp_office_kerberos_dll_load.yml | `- '\kerberos.dll'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.