senddmp[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

senddmp.exe
Size

2.1MB
MD5

efd105acb9f8967b02674f672d4f0d4a
SHA1

0dcfcb900f5cb0802cafb328c9e15b83f6038d99
SHA256

25a1ebad1ddd356973acc76473be69b59ca4466199201f096b3445db0f3a9ff3
SHA512

1ce434fca586d0eb116bca47921b5785ca66bb575efb6590343efea0acf214c2fa556fe51d8f9e35bfcfa7cccd9f6c320504f0fbedf6da7c5e55e29a1c00bfe6
SSDEEP

49152:B/FS4swi+UBw1yf63t9MgYle9rN2DKjXkQbttMgw6ETPuO8Eya:HhdUK146d9Mde9r0DK9fMgHETPuBY

Score

1^/10

Malware Config

Signatures

Files

senddmp.exe
.exe windows x86

6e6e265d1a7e566746c0e6420e8759b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-09-2015 00:00

Not After

02-09-2016 23:59

Subject

CN=Autodesk\, Inc,OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:a4:94:a9:8a:17:0e:f2:f0:1d:c7:bc:45:4e:fd:76:0f:46:57:ae
Signer

Actual PE Digest

04:a4:94:a9:8a:17:0e:f2:f0:1d:c7:bc:45:4e:fd:76:0f:46:57:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetWriteFile
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetCanonicalizeUrlW
InternetReadFile
InternetCloseHandle
InternetErrorDlg
InternetCrackUrlW
HttpSendRequestExW
HttpQueryInfoW

opengl32

wglDeleteContext
glGetError
glGetString
wglMakeCurrent
wglCreateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetACP
ExitProcess
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
Sleep
GetConsoleMode
SearchPathW
MultiByteToWideChar
CreateEventW
CloseHandle
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
ResumeThread
GlobalAlloc
FindResourceW
LoadResource
SizeofResource
FreeResource
LockResource
WaitForSingleObject
SetEvent
ResetEvent
GetLastError
CreateFileW
GetFileSize
WideCharToMultiByte
ReadFile
GetUserDefaultLCID
DeleteFileW
VerSetConditionMask
VerifyVersionInfoW
GetSystemDirectoryW
GetUserDefaultLangID
GetVersionExW
GetLocaleInfoW
GetComputerNameW
GetLocalTime
GetDateFormatW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTempPathW
FreeLibrary
GetNativeSystemInfo
IsDBCSLeadByte
GetModuleFileNameW
GetEnvironmentVariableW
LoadLibraryExW
OpenProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
lstrlenW
CreateThread
FileTimeToSystemTime
SystemTimeToFileTime
SetFilePointer
GetFileInformationByHandle
lstrcmpiW
WriteFile
UnmapViewOfFile
GetThreadLocale
GlobalSize
LocalFree
FormatMessageW
CopyFileW
SetLastError
OutputDebugStringA
GetModuleHandleA
EncodePointer
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
LocalAlloc
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetCurrentThread
lstrcmpA
CompareStringA
SetThreadPriority
SuspendThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
lstrcpyW
SetErrorMode
FindNextFileW
GetCurrentDirectoryW
GetTickCount
GetWindowsDirectoryW
FindResourceExW
GetTempFileNameW
GetProfileIntW

user32

CopyAcceleratorTableW
IntersectRect
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
TranslateMessage
GetMessageW
GetCursorPos
GetWindowThreadProcessId
CharUpperW
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SetRectEmpty
SendDlgItemMessageA
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
InvalidateRgn
GetSubMenu
GetMenuState
GetMenuStringW
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
SetFocus
CheckDlgButton
SetWindowPos
MoveWindow
GetWindow
GetWindowLongW
CharNextW
GetDlgCtrlID
GetDlgItem
UnregisterClassW
DrawIcon
GetSystemMetrics
IsIconic
EnableMenuItem
EnableWindow
InvalidateRect
GetClientRect
OffsetRect
IsRectEmpty
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
SendMessageW
GetSysColor
DrawTextW
SetRect
GetDC
TrackMouseEvent
DestroyIcon
DeleteMenu
ReleaseDC
FillRect
CopyRect
GetDesktopWindow
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
SetCursor
SetWindowLongW
IsWindow
GetWindowRect
WaitMessage
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetParent
InflateRect
GetKeyNameTextW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
DestroyCursor
SetParent
GetWindowRgn
LoadCursorW
KillTimer
SetTimer
UpdateWindow
GetClassInfoW
DefWindowProcW
IsWindowVisible
GetFocus
ClientToScreen
WindowFromPoint
ScreenToClient
PostMessageW
MapWindowPoints
BeginPaint
EndPaint
PostQuitMessage
LoadIconW
RegisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
EnumDisplayDevicesW
MessageBoxW
SetForegroundWindow
LoadImageW
GetSystemMenu
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
PostThreadMessageW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetMenuItemID

gdi32

GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
GetRgnBox
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
GetTextColor
GetBkColor
CreateFontW
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
SelectObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

SystemFunction036
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW

comctl32

ord17

shlwapi

PathAppendW
SHRegGetValueW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
StrFormatKBSizeW
PathFindFileNameW
PathRemoveFileSpecW

uxtheme

GetThemeSysColor
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
GetThemePartSize

ole32

CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator

oleaut32

VariantChangeType
SysAllocString
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysFreeString
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysStringLen
VariantInit
OleLoadPicture

oledlg

OleUIBusyW

gdiplus

GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipGetImagePaletteSize

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e6e265d1a7e566746c0e6420e8759b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:a4:94:a9:8a:17:0e:f2:f0:1d:c7:bc:45:4e:fd:76:0f:46:57:aeSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

opengl32

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 375KB - Virtual size: 375KB

.data Size: 25KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 131KB - Virtual size: 130KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:bc:b1:c7:ce:e4:da:58:69:d5:8f:1e:22:fb:e9:f4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:a4:94:a9:8a:17:0e:f2:f0:1d:c7:bc:45:4e:fd:76:0f:46:57:ae
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 375KB - Virtual size: 375KB

.data
Size: 25KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 131KB - Virtual size: 130KB