skci.dll

File Path: C:\Windows\system32\skci.dll
Description: Secure Kernel Code Integrity Module

Hashes

Type	Hash
MD5	`7E88E785DFD6D6A343770C1BADD19D2E`
SHA1	`457F53C7D237BCD0B41C3BB5724A832A5B5D576B`
SHA256	`DDCFB8617A289F06D639ED06297E30E590A4BA97CDF9463562D476F876E358B8`
SHA384	`DF69CC84F94EC99506CD960B16206AD58AEC41DECF9D9731B8B98B11B9C7EA824B3B6871FAD774732BCD25153540C769`
SHA512	`C52663FAD2BFABDC0B4971A914734EF3DF5207FF41B91180C62B18E4ADEBEBA217101C3510EBF0F8A38BB5F93F0BEF5C33C7CBB8DA0DAE11D11BD2CF83CBDFC2`
SSDEEP	`6144:MIc0I2n9o7PxcA919swGby170h0z4A1Yoq:Vbne7PmW19uby170h0z4A1`
IMP	`258E187B1224E817873F8D0FC1A58064`
PESHA1	`F51EB18A23C334B88756037EAC77E0C7B02DF4EA`
PE256	`61F2E50DAC12DA133685A04A30968346A0B93ADE991941F7C2DEB7807D0B6EA9`

DLL Exports:

Function Name	Ordinal	Type
`SkciQueryInformation`	11	Exported Function
`SkciSetCodeIntegrityPolicy`	12	Exported Function
`SkciQueryImageAuthorID`	9	Exported Function
`SkciQueryImageUniqueID`	10	Exported Function
`SkciValidateDynamicCodePages`	15	Exported Function
`SkciValidateImageData`	16	Exported Function
`SkciTransferVersionResource`	13	Exported Function
`SkciValidateAmeCertChain`	14	Exported Function
`SkciCreateSecureImage`	3	Exported Function
`SkciFinalizeSecureImageHash`	4	Exported Function
`SkciCompareSigningLevels`	1	Exported Function
`SkciCreateCodeCatalog`	2	Exported Function
`SkciInitialize`	7	Exported Function
`SkciMatchHotPatch`	8	Exported Function
`SkciFinishImageValidation`	5	Exported Function
`SkciFreeImageContext`	6	Exported Function

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: skci.dll
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.488 (WinBuild.160101.0800)
Product Version: 10.0.19041.488
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/67
VirusTotal Link: https://www.virustotal.com/gui/file/ddcfb8617a289f06d639ed06297e30e590a4ba97cdf9463562d476f876e358b8/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\bcryptprimitives.dll	36
C:\Windows\system32\BioIso.exe	46
C:\WINDOWS\system32\BioIso.exe	36
C:\Windows\system32\BioIso.exe	44
C:\Windows\system32\BioIso.exe	35
C:\Windows\system32\ci.dll	36

MIT License. Copyright (c) 2020-2021 Strontic.