cryptsvc.dll

Description: Cryptographic Services

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.1

Architecture: 64-bit

Operating System: Windows NT

SHA256: 5171ed876e0ec5cae2be9161acc90f48

File Size: 102.5 KB

Uploaded At: Dec. 1, 2025, 7:24 a.m.

Views: 12

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CryptServiceMain (Ordinal: 1, Address: 0x8f70)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x9db0)

Imported DLLs & Functions

api-ms-win-core-debug-l1-1-0.dll
  • IsDebuggerPresent (Address: 0x1800135f8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180013608)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180013618)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180013628)
  • SetLastError (Address: 0x180013640)
  • SetUnhandledExceptionFilter (Address: 0x180013630)
  • UnhandledExceptionFilter (Address: 0x180013638)
api-ms-win-core-file-l1-1-0.dll
  • CompareFileTime (Address: 0x1800136b8)
  • CreateDirectoryW (Address: 0x180013668)
  • CreateFileW (Address: 0x180013670)
  • DeleteFileW (Address: 0x1800136a0)
  • FindClose (Address: 0x1800136c8)
  • FindCloseChangeNotification (Address: 0x1800136d0)
  • FindFirstChangeNotificationW (Address: 0x180013688)
  • FindFirstFileW (Address: 0x180013658)
  • FindNextChangeNotification (Address: 0x180013690)
  • FindNextFileW (Address: 0x1800136c0)
  • GetFileAttributesW (Address: 0x180013680)
  • GetFileSize (Address: 0x180013678)
  • ReadFile (Address: 0x180013698)
  • SetEndOfFile (Address: 0x1800136b0)
  • SetFileAttributesW (Address: 0x180013660)
  • SetFilePointer (Address: 0x180013650)
  • WriteFile (Address: 0x1800136a8)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x1800136e0)
  • DuplicateHandle (Address: 0x1800136e8)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800136f8)
  • LocalFree (Address: 0x180013708)
  • LocalReAlloc (Address: 0x180013700)
api-ms-win-core-heap-obsolete-l1-1-0.dll
  • LocalSize (Address: 0x180013718)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x180013728)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180013748)
  • FreeLibrary (Address: 0x180013740)
  • FreeLibraryAndExitThread (Address: 0x180013738)
  • GetModuleHandleExW (Address: 0x180013750)
api-ms-win-core-localization-obsolete-l1-2-0.dll
  • CompareStringA (Address: 0x180013760)
api-ms-win-core-memory-l1-1-0.dll
  • VirtualAlloc (Address: 0x180013780)
  • VirtualProtect (Address: 0x180013770)
  • VirtualQuery (Address: 0x180013778)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x180013790)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x1800137e0)
  • ExitThread (Address: 0x1800137f0)
  • GetCurrentProcess (Address: 0x1800137e8)
  • GetCurrentProcessId (Address: 0x1800137c0)
  • GetCurrentThread (Address: 0x1800137d0)
  • GetCurrentThreadId (Address: 0x1800137b8)
  • OpenProcessToken (Address: 0x1800137d8)
  • OpenThreadToken (Address: 0x1800137c8)
  • SetThreadStackGuarantee (Address: 0x1800137a8)
  • SetThreadToken (Address: 0x1800137b0)
  • TerminateProcess (Address: 0x1800137a0)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x180013808)
  • OpenProcess (Address: 0x180013800)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180013818)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180013828)
  • RegCreateKeyExW (Address: 0x180013850)
  • RegOpenKeyExA (Address: 0x180013838)
  • RegOpenKeyExW (Address: 0x180013848)
  • RegQueryValueExA (Address: 0x180013830)
  • RegQueryValueExW (Address: 0x180013840)
  • RegSetValueExW (Address: 0x180013858)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180013870)
  • RtlLookupFunctionEntry (Address: 0x180013868)
  • RtlVirtualUnwind (Address: 0x180013878)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x180013888)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x1800138c0)
  • AcquireSRWLockShared (Address: 0x1800138b0)
  • CreateEventA (Address: 0x1800138d8)
  • CreateEventW (Address: 0x1800138a8)
  • DeleteCriticalSection (Address: 0x1800138a0)
  • EnterCriticalSection (Address: 0x1800138f0)
  • InitializeCriticalSection (Address: 0x1800138f8)
  • InitializeSRWLock (Address: 0x1800138e8)
  • LeaveCriticalSection (Address: 0x180013898)
  • ReleaseSRWLockExclusive (Address: 0x1800138d0)
  • ReleaseSRWLockShared (Address: 0x1800138b8)
  • SetEvent (Address: 0x1800138c8)
  • WaitForSingleObjectEx (Address: 0x1800138e0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180013908)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x180013920)
  • GetSystemTimeAsFileTime (Address: 0x180013930)
  • GetTickCount (Address: 0x180013928)
  • GetTickCount64 (Address: 0x180013918)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • UnregisterWaitEx (Address: 0x180013940)
api-ms-win-core-threadpool-private-l1-1-0.dll
  • RegisterWaitForSingleObjectEx (Address: 0x180013950)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x1800139c0)
  • _o___std_type_info_destroy_list (Address: 0x1800139b8)
  • _o___stdio_common_vswprintf (Address: 0x1800139b0)
  • _o__cexit (Address: 0x1800139a0)
  • _o__configure_narrow_argv (Address: 0x180013998)
  • _o__execute_onexit_table (Address: 0x1800139a8)
  • _o__initialize_narrow_environment (Address: 0x180013960)
  • _o__initialize_onexit_table (Address: 0x180013968)
  • _o__seh_filter_dll (Address: 0x180013970)
  • _o_bsearch (Address: 0x180013980)
  • _o_qsort (Address: 0x180013988)
  • _o_strtoul (Address: 0x180013990)
  • memcmp (Address: 0x1800139c8)
  • memcpy (Address: 0x180013978)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x1800139e0)
  • _initterm_e (Address: 0x1800139d8)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x1800139f0)
  • strcmp (Address: 0x1800139f8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventUnregister (Address: 0x180013a08)
api-ms-win-security-base-l1-1-0.dll
  • AllocateAndInitializeSid (Address: 0x180013a30)
  • CopySid (Address: 0x180013a88)
  • EqualSid (Address: 0x180013a68)
  • FreeSid (Address: 0x180013a38)
  • GetAce (Address: 0x180013a70)
  • GetFileSecurityW (Address: 0x180013a48)
  • GetLengthSid (Address: 0x180013a18)
  • GetSecurityDescriptorSacl (Address: 0x180013a50)
  • GetSidIdentifierAuthority (Address: 0x180013a80)
  • GetSidSubAuthority (Address: 0x180013a40)
  • GetSidSubAuthorityCount (Address: 0x180013a78)
  • GetTokenInformation (Address: 0x180013a60)
  • ImpersonateSelf (Address: 0x180013a20)
  • IsValidSid (Address: 0x180013a90)
  • RevertToSelf (Address: 0x180013a28)
  • SetFileSecurityW (Address: 0x180013a58)
api-ms-win-security-base-l1-2-0.dll
  • CheckTokenCapability (Address: 0x180013aa0)
bcrypt.dll
  • BCryptCloseAlgorithmProvider (Address: 0x180013ad8)
  • BCryptCreateHash (Address: 0x180013ac8)
  • BCryptDestroyHash (Address: 0x180013ab0)
  • BCryptFinishHash (Address: 0x180013ab8)
  • BCryptHashData (Address: 0x180013ac0)
  • BCryptOpenAlgorithmProvider (Address: 0x180013ad0)
CRYPT32.dll
  • CertAddEncodedCertificateToStore (Address: 0x180013480)
  • CertCloseStore (Address: 0x1800134b8)
  • CertCreateContext (Address: 0x180013510)
  • CertEnumCRLsInStore (Address: 0x1800134a8)
  • CertFindAttribute (Address: 0x180013500)
  • CertFindExtension (Address: 0x180013570)
  • CertFreeCertificateChain (Address: 0x1800134f8)
  • CertFreeCertificateContext (Address: 0x1800134d8)
  • CertFreeCRLContext (Address: 0x1800134b0)
  • CertFreeCTLContext (Address: 0x180013578)
  • CertGetCertificateChain (Address: 0x1800134e8)
  • CertGetCertificateContextProperty (Address: 0x1800134e0)
  • CertOpenStore (Address: 0x1800134d0)
  • CertVerifyCertificateChainPolicy (Address: 0x1800134f0)
  • CryptDecodeObjectEx (Address: 0x1800134c8)
  • CryptFreeOIDFunctionAddress (Address: 0x180013590)
  • CryptGetDefaultOIDDllList (Address: 0x180013580)
  • CryptGetDefaultOIDFunctionAddress (Address: 0x180013598)
  • CryptHashCertificate2 (Address: 0x1800134a0)
  • CryptInitOIDFunctionSet (Address: 0x180013588)
  • CryptMemFree (Address: 0x180013488)
  • CryptMsgEncodeAndSignCTL (Address: 0x180013508)
  • CryptQueryObject (Address: 0x180013490)
  • CryptStringToBinaryA (Address: 0x180013498)
  • CryptStringToBinaryW (Address: 0x1800134c0)
  • I_CertSrvProtectFunction (Address: 0x180013568)
  • I_CryptCreateLruCache (Address: 0x180013528)
  • I_CryptCreateLruEntry (Address: 0x180013560)
  • I_CryptEnumMatchingLruEntries (Address: 0x180013518)
  • I_CryptFindLruEntry (Address: 0x180013550)
  • I_CryptFreeLruCache (Address: 0x180013520)
  • I_CryptGetLruEntryData (Address: 0x180013548)
  • I_CryptInsertLruEntry (Address: 0x180013558)
  • I_CryptReleaseLruEntry (Address: 0x180013540)
  • I_CryptRemoveLruEntry (Address: 0x180013530)
  • I_CryptWalkAllLruCacheEntries (Address: 0x180013538)
ntdll.dll
  • EtwEventRegister (Address: 0x180013af8)
  • EtwEventUnregister (Address: 0x180013b20)
  • EvtIntReportEventAndSourceAsync (Address: 0x180013ae8)
  • MD5Final (Address: 0x180013b00)
  • MD5Init (Address: 0x180013af0)
  • MD5Update (Address: 0x180013b28)
  • RtlAllocateHeap (Address: 0x180013b08)
  • RtlFreeHeap (Address: 0x180013b18)
  • RtlImageNtHeader (Address: 0x180013b10)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x1800135c0)
  • I_RpcBindingIsClientLocal (Address: 0x1800135b0)
  • NdrServerCall2 (Address: 0x1800135e8)
  • NdrServerCallAll (Address: 0x1800135c8)
  • RpcImpersonateClient (Address: 0x1800135e0)
  • RpcRevertToSelfEx (Address: 0x1800135a8)
  • RpcServerRegisterIf3 (Address: 0x1800135d0)
  • RpcServerUnregisterIf (Address: 0x1800135d8)
  • RpcServerUseProtseqEpW (Address: 0x1800135b8)