DataStoreCacheDumpTool[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DataStoreCacheDumpTool.exe
Size

153KB
MD5

2b01655c46af5b4fa1e6121cc96b1b15
SHA1

f8dda3cab5fe8a233883d7a11723582f45895b96
SHA256

d7c9c67c0d6b2d8fdd16f8e80c9af87ce04bfde2a4c1bc296f6dac0649b100b0
SHA512

352e635c591ed4d281fe5b4968ed343b436824378230fe2b43ee70501c15fff1f6439a9627cdac6066e628a9b299b6124cff3a0550baee267e679573c00beaaf
SSDEEP

3072:HiSPKfwMe2mJuuHEVsdwjHnsPWLpFRa+wiuPyC8ufxP:HiSEwMe2mJZkVsdwjHnPrQyC8+xP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DataStoreCacheDumpTool.exe

Files

DataStoreCacheDumpTool.exe
.exe windows x64

a01ff0bd6c4a8c092be972a2eed00430

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_errno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__configthreadlocale
_o__wfopen
_o_exit
_o_fclose
_o_free
_o_malloc
_o_sqrt
_o_terminate
_o_towupper
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o__configure_wide_argv
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseMutex
SetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThread
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCanonicalizeEx

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile

api-ms-win-shcore-stream-l1-1-0

IStream_Read
IStream_Reset
SHCreateMemStream
IStream_Size

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a01ff0bd6c4a8c092be972a2eed00430

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 452B

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 452B