Operator On The Wire

Crypto

CryptoAPI Context / Provider

  • CryptAcquireContextA

  • CryptAcquireContextW

  • CryptReleaseContext


Hashing (Derivation / Integrity / IDs)

  • CryptCreateHash

  • CryptHashData

  • CryptGetHashParam

  • CryptDestroyHash


Key Derivation / Session Keys

  • CryptDeriveKey

  • CryptImportKey

  • CryptExportKey

  • CryptGenKey

  • CryptGenRandom

  • CryptSetKeyParam

  • CryptGetKeyParam

  • CryptDestroyKey


Encryption / Decryption (In-Place Buffers)

  • CryptEncrypt

  • CryptDecrypt


File/Blob Helpers (Common in Malware)

  • CryptBinaryToStringA

  • CryptBinaryToStringW

  • CryptStringToBinaryA

  • CryptStringToBinaryW


Modern CNG (BCrypt) - Often Used in Newer Malware

  • BCryptOpenAlgorithmProvider

  • BCryptSetProperty

  • BCryptGenerateSymmetricKey

  • BCryptEncrypt

  • BCryptDecrypt

  • BCryptCreateHash

  • BCryptHashData

  • BCryptFinishHash

  • BCryptGenRandom

  • BCryptDestroyKey

  • BCryptDestroyHash

  • BCryptCloseAlgorithmProvider