schannel.dll

  • File Path: C:\Windows\system32\schannel.dll
  • Description: TLS / SSL Security Provider

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| SslCrackCertificate | 25 | Exported Function |
| SpUserModeInitialize | 24 | Exported Function |
| SslEmptyCacheW | 27 | Exported Function |
| SslEmptyCacheA | 26 | Exported Function |
| SpLsaModeInitialize | 1 | Exported Function |
| QuerySecurityPackageInfoW | 21 | Exported Function |
| QuerySecurityPackageInfoA | 20 | Exported Function |
| SealMessage | 23 | Exported Function |
| RevertSecurityContext | 22 | Exported Function |
| SslLoadCertificate | 34 | Exported Function |
| SslGetServerIdentity | 33 | Exported Function |
| VerifySignature | 36 | Exported Function |
| UnsealMessage | 35 | Exported Function |
| SslGetMaximumKeySize | 32 | Exported Function |
| SslFreeCustomBuffer | 29 | Exported Function |
| SslFreeCertificate | 28 | Exported Function |
| SslGetExtensions | 31 | Exported Function |
| SslGenerateRandomBits | 30 | Exported Function |
| EnumerateSecurityPackagesA | 8 | Exported Function |
| DeleteSecurityContext | 7 | Exported Function |
| FreeContextBuffer | 10 | Exported Function |
| EnumerateSecurityPackagesW | 9 | Exported Function |
| CompleteAuthToken | 6 | Exported Function |
| AcquireCredentialsHandleA | 3 | Exported Function |
| AcceptSecurityContext | 2 | Exported Function |
| ApplyControlToken | 5 | Exported Function |
| AcquireCredentialsHandleW | 4 | Exported Function |
| MakeSignature | 17 | Exported Function |
| InitSecurityInterfaceW | 14 | Exported Function |
| QueryContextAttributesW | 19 | Exported Function |
| QueryContextAttributesA | 18 | Exported Function |
| InitSecurityInterfaceA | 13 | Exported Function |
| ImpersonateSecurityContext | 12 | Exported Function |
| FreeCredentialsHandle | 11 | Exported Function |
| InitializeSecurityContextW | 16 | Exported Function |
| InitializeSecurityContextA | 15 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: schannel.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/9a7076cce1b58f4a8bcff3c95041b19210920a79a75399ba83efe42f04d7c6fc/detection/

Possible Misuse

The following table contains possible examples of schannel.dll being misused. While schannel.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_unit78020_malware.yar | `$s10 = "SCHANNEL.DLL" fullword ascii /* Goodware String - occured 6 times */` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.