DumpAnalyze-bak[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DumpAnalyze-bak.exe
Size

1.4MB
MD5

6987ceee73c2464d389e0bf6ea921ab6
SHA1

6b5c3dac170c35d59f742be12eea5e17d9803227
SHA256

846323d027f6f2602a040175ca3172a78d18bd2ab8f0216f6ddaa1861f392c8c
SHA512

37c80a055714a903f89d5721615e4f65c6ca4377057fb673c4366592e72ff178cf6e91f39a76ff3a1f6b41cae8250f8cd639b945a458dec7a5d9db7e74784f7b
SSDEEP

24576:7rkvqnpQUIc5DjFqL5UnSRNyYqJJb/Vr3tiprMJGJgF/2UbGuvfKShVqtTwiKKT4:UUFqL5U6Ixn/VOrEGJ1I9q+iKKTV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DumpAnalyze-bak.exe

Files

DumpAnalyze-bak.exe
.exe windows x86

046922df90a0faa62cee442c318b771a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetLocalTime
GetTickCount
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
lstrcmpiW
OutputDebugStringW
GetCurrentProcessId
GetCommandLineW
Sleep
TerminateProcess
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
WriteFile
CreatePipe
GetExitCodeProcess
CreateProcessA
lstrcpynW
lstrcatW
lstrlenW
GetStartupInfoA
MoveFileExW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
SetEndOfFile
SetStdHandle
ReadConsoleW
GetFileSizeEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
HeapDestroy
GetLastError
RaiseException
CloseHandle
GetTempPathA
GetFileSize
DeleteFileA
CreateFileA
CreateDirectoryA
GetDriveTypeW
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
CreateFileW
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
SearchPathW
SetLastError
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
ExpandEnvironmentStringsA
LoadLibraryA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
FormatMessageA
VerifyVersionInfoA
SleepEx
RtlCaptureStackBackTrace
VerSetConditionMask
InitializeCriticalSectionEx
GetTickCount64
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
FormatMessageW
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent

user32

wsprintfA
MonitorFromWindow
IsDialogMessageW
LoadImageW
GetWindow
GetParent
GetDlgItem
SetWindowPos
PostQuitMessage
ShowWindow
SendMessageW
wsprintfW
SetWindowLongW
CharNextW
CreateDialogParamW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
SetWindowTextW
GetSystemMetrics
DestroyWindow
UnregisterClassW
DefWindowProcW
GetMessageW
MsgWaitForMultipleObjects
PostMessageW
PeekMessageW
DispatchMessageW
EnableWindow
TranslateMessage
GetMonitorInfoW

advapi32

CryptDestroyKey
CryptImportKey
CryptDestroyHash
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt

shell32

ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW
ord165

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CreateBindCtx
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathFileExistsA
PathFindFileNameA
PathAddBackslashW
StrStrIW
PathFindFileNameW
PathRemoveBackslashA
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashA
AssocQueryStringW
PathAppendW

comctl32

InitCommonControlsEx

ws2_32

accept
select
sendto
gethostname
WSASetLastError
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
ntohs
htons
WSAStartup
getsockopt
getsockname
getpeername
connect
closesocket
bind
setsockopt
send
ioctlsocket
WSACleanup
WSAGetLastError
listen
__WSAFDIsSet
recv

wldap32

ord143
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

sqlite3

sqlite3_free_table
sqlite3_open
sqlite3_get_table
sqlite3_close
sqlite3_exec

urlmon

CreateURLMoniker
RegisterBindStatusCallback

dbghelp

MiniDumpReadDumpStream

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

046922df90a0faa62cee442c318b771a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

wldap32

version

sqlite3

urlmon

dbghelp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 48KB - Virtual size: 48KB