views:

141

answers:

1

It's calling these API functions (advapi32.dll) with these parameters:

CryptCreateHash ( 3275488, 32771, 0, 0, 1243424 );
CryptHashData   ( 3203040, 'UY30930037661', 13, 0 );
CryptCreateHash ( 3276304, 32771, 0, 0, 46463812 );
CryptHashData   ( 3203296, '-585164138661', 10, 0 );
CryptCreateHash ( 3276304, 32771, 0, 0, 46463808 );
CryptHashData   ( 3203424, '1db17bd8ef8bcbd734424a9eae818907LOGIN OK³·óéB', 40, 0 );
CryptCreateHash ( 3276304, 32771, 0, 0, 46463808 );
CryptHashData   ( 3203296, '1db17bd8ef8bcbd734424a9eae818907HWHASH OK', 41, 0 );

Not sure how it would come to

1db17bd8ef8bcbd734424a9eae818907

Anyone have any ideas?

+2  A: 

(see here:) The call to CryptCreateHash initiates hashing with MD5 (32771 = 0x8003): CALG_MD5 0x00008003 MD5 hashing algorithm.. And the call to CryptHashData hashes the second parameter (the one in quotes) using that hash object. I guess these long strings could be keys that are to be hashed before transmission over a network or something.

jilles de wit