UnityCrashHandler64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UnityCrashHandler64.exe
Size

1.1MB
MD5

405054886ece3a50ec2471c4067e4795
SHA1

83834ba53cf0dfab7c0bb3c7a68a6d2c2e78caa5
SHA256

25cf2b482c0b08304f6345973c16a6b8024a172e2d088f2b57d2086fe9f8f0cb
SHA512

5e375a5b87b0d93ca1819ee7b5c5a55f5446508b0840c6b433b901ae4ae89405024e2f45085c1c044b05d768701f11e495f9976ccbb9ae5e594abf39aeafde0c
SSDEEP

12288:2Uar1fHwdwZ57oRmzHPQXoHCA03bhoaNDEo0okQqjQfz2fzAe:2Ua5fHwghAXoHCfFbNEjQqcz+zAe

Score

1^/10

Malware Config

Signatures

Files

UnityCrashHandler64.exe
.exe windows x64

3fa82adb7dd39e1a80e00cca7c15e6d3

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/07/2021, 00:00

Not After

18/07/2024, 23:59

Subject

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:5e:e6:03:bd:c2:90:ef:96:6b:3f:56:d1:8c:f6:05:a4:57:cb:3a
Signer

Actual PE Digest

3c:5e:e6:03:bd:c2:90:ef:96:6b:3f:56:d1:8c:f6:05:a4:57:cb:3a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

19/01/2023, 21:57
Valid: true

Chain 1

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetWindowLongA
DialogBoxParamA
EndDialog
SendMessageW
SendDlgItemMessageA
GetIconInfo
SetForegroundWindow
AdjustWindowRect
UnionRect
SetWindowTextW
GetDlgItem
LookupIconIdFromDirectoryEx
InflateRect
OffsetRect
CreateIconFromResourceEx
LoadImageA
SetWindowPos

kernel32

InterlockedPopEntrySList
DuplicateHandle
VirtualProtect
GetVersionExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeLibraryAndExitThread
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
GetFileType
SetStdHandle
GetModuleHandleExW
ExitProcess
TlsSetValue
GetLastError
TlsGetValue
GetModuleHandleA
GetCurrentThread
WaitForSingleObjectEx
CloseHandle
RaiseException
GetProcAddress
GetThreadTimes
OpenThread
TryEnterCriticalSection
EnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
ResumeThread
GetThreadPriority
CreateThread
SwitchToThread
DeleteCriticalSection
ReadFile
GetModuleFileNameA
FindFirstFileW
FindFirstFileExW
SetLastError
RtlCaptureContext
FindNextFileW
GetCurrentProcess
WriteFile
OutputDebugStringA
RtlVirtualUnwind
GetModuleFileNameW
RtlLookupFunctionEntry
GetEnvironmentVariableA
FindClose
CreateFileW
GetFileAttributesW
QueryDepthSList
GetCurrentDirectoryA
CreateEventW
MultiByteToWideChar
GetFileAttributesA
LoadLibraryA
DeleteFileW
LoadLibraryW
GetThreadContext
SetFilePointerEx
ReadProcessMemory
FreeLibrary
WideCharToMultiByte
GetSystemTime
FlushFileBuffers
HeapFree
Thread32Next
Thread32First
WaitForSingleObject
CreateToolhelp32Snapshot
FormatMessageW
HeapAlloc
LocalFree
VerSetConditionMask
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
VerifyVersionInfoW
GetSystemTimeAsFileTime
GetStdHandle
TerminateProcess
GetProcessId
WaitForMultipleObjectsEx
OpenProcess
Sleep
SetEvent
GetThreadId
GetFileSize
CreateProcessW
CopyFileExW
AllocConsole
GetExitCodeProcess
SizeofResource
GetCommandLineW
EnumResourceNamesA
InitializeCriticalSection
SetErrorMode
FindResourceA
GetExitCodeThread
TerminateThread
LockResource
LoadResource
CreateEventA
LoadLibraryExW
GetFileSizeEx
VirtualFree
ReleaseSemaphore
VirtualAlloc
TlsAlloc
QueryPerformanceFrequency
TlsFree
QueryPerformanceCounter
IsDebuggerPresent
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnregisterWaitEx
UnhandledExceptionFilter
ResetEvent
SuspendThread
GetTempPathW

dbghelp

SymRegisterFunctionEntryCallback64
SymLoadModuleEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoInitializeEx

psapi

GetModuleFileNameExW

advapi32

GetUserNameA

wininet

InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA

gdi32

GetObjectA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa82adb7dd39e1a80e00cca7c15e6d3

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52Certificate

Extended Key Usages

Key Usages

3c:5e:e6:03:bd:c2:90:ef:96:6b:3f:56:d1:8c:f6:05:a4:57:cb:3aSigner

Signature Validations

Verification

19/01/2023, 21:57 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

dbghelp

shell32

ole32

psapi

advapi32

wininet

gdi32

version

Sections

.text Size: 525KB - Virtual size: 524KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 12KB - Virtual size: 22KB

.pdata Size: 29KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 349KB - Virtual size: 349KB

.reloc Size: 5KB - Virtual size: 5KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

3c:5e:e6:03:bd:c2:90:ef:96:6b:3f:56:d1:8c:f6:05:a4:57:cb:3a
Signer

19/01/2023, 21:57
Valid: true

.text
Size: 525KB - Virtual size: 524KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 12KB - Virtual size: 22KB

.pdata
Size: 29KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 349KB - Virtual size: 349KB

.reloc
Size: 5KB - Virtual size: 5KB