procdump64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

procdump64.exe
Size

375KB
MD5

f13dab7d9ce88ddc0c80c2b9c5f422b5
SHA1

f02df19b44e880b9810d226b743b1a4b93e49a16
SHA256

e2a7a9a803c6a4d2d503bb78a73cd9951e901beb5fb450a2821eaf740fc48496
SHA512

73015d73ef35a020c846a09af56ac01f0baac6626a0bb590d38f7fd7461194d935a7bc8cd92ba0d2b6b9842bf8075d21f2b333279a73cf37fbe9a486ce9487eb
SSDEEP

6144:BbaoysBY+FE3jneNMYZJzK1ZIQ68NeLHW2vX5NVUQYLToL6N:Bbaoys3Fm7eNMd1MI

Score

1^/10

Malware Config

Signatures

Files

procdump64.exe
.exe windows x64

e6f7f291413118f49398761021bafcf2

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:39

Not After

03/03/2021, 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:52:9b:0f:5a:ba:79:81:f2:47:0e:f7:df:11:c9:a9:56:ba:ff:fa:bf:20:d8:94:ab:04:30:c9:85:5f:fe:99
Signer

Actual PE Digest

e5:52:9b:0f:5a:ba:79:81:f2:47:0e:f7:df:11:c9:a9:56:ba:ff:fa:bf:20:d8:94:ab:04:30:c9:85:5f:fe:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

StrStrIW

kernel32

CloseHandle
WaitForSingleObject
Sleep
DeleteCriticalSection
GetThreadContext
ReadProcessMemory
GetTickCount
OpenThread
SetLastError
GetCurrentProcess
WaitForDebugEvent
InitializeCriticalSection
DebugActiveProcessStop
ResumeThread
ContinueDebugEvent
OpenProcess
GetLastError
CreateThread
DebugActiveProcess
CreateProcessW
FreeLibrary
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
SetConsoleCtrlHandler
TerminateProcess
GetFullPathNameW
WaitForMultipleObjects
GetEnvironmentVariableA
GetFileAttributesW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
GetCurrentDirectoryW
SetEvent
SystemTimeToTzSpecificLocalTime
GetSystemTime
DebugBreak
IsDebuggerPresent
GetFileSizeEx
CreateFileW
DeleteFileW
ReleaseSemaphore
GetProcessId
SetFilePointerEx
GetTimeFormatW
ExitProcess
CreateSemaphoreW
GetDateFormatW
DeviceIoControl
GetCurrentThread
VirtualQueryEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
ReadFile
GetConsoleCP
FlushFileBuffers
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GetModuleFileNameW
GetFileType
GetModuleHandleW
LocalFree
GetProcAddress
LoadLibraryW
LocalAlloc
GetStdHandle
GetCommandLineW
CreateEventW
OpenEventW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetCurrentProcessId
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetACP
GetCommandLineA
WriteFile
WideCharToMultiByte
SetStdHandle
SetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA

user32

LoadCursorW
SetCursor
GetDlgItem
GetSysColorBrush
DialogBoxIndirectParamW
wsprintfW
GetWindowThreadProcessId
IsWindowVisible
IsHungAppWindow
EnumWindows
LoadStringA
InflateRect
SendMessageW
EndDialog
SetWindowTextW

gdi32

EndDoc
GetDeviceCaps
SetMapMode
StartDocW
EndPage
StartPage

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyW
RegCreateKeyW
RegQueryValueExW

shell32

CommandLineToArgvW

ole32

CLSIDFromString
CoUninitialize
CoInitializeEx
CoAllowSetForegroundWindow
CoCreateInstance

pdh

PdhGetFormattedCounterValue
PdhAddCounterW
PdhOpenQueryW
PdhCollectQueryData

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6f7f291413118f49398761021bafcf2

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

e5:52:9b:0f:5a:ba:79:81:f2:47:0e:f7:df:11:c9:a9:56:ba:ff:fa:bf:20:d8:94:ab:04:30:c9:85:5f:fe:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

pdh

Sections

.text Size: 215KB - Virtual size: 214KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 3KB - Virtual size: 14KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e5:52:9b:0f:5a:ba:79:81:f2:47:0e:f7:df:11:c9:a9:56:ba:ff:fa:bf:20:d8:94:ab:04:30:c9:85:5f:fe:99
Signer

.text
Size: 215KB - Virtual size: 214KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 3KB - Virtual size: 14KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB