pid[.]1336[.]0x7ff76a920000[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

pid.1336.0x7ff76a920000.dmp
Size

64KB
MD5

703a7760c4dd5a3a65cbcdf53048c814
SHA1

6a532da8bd5e44f78d78e959dbf8beae5b94b77f
SHA256

1195d85978b077ca41b188f0016ce914c7fc2015f4afe99ce4a082aba4b03a63
SHA512

42f1ef5c415f2ddc37000e503c859ff3066e5c248241bccb4ef650ae03d1970478619d64797ea2dcbe0cd1230bf432e4889c9761ff4afbc9def1375d291b8993
SSDEEP

768:GCsmFHQ68l82s0GSNvJmEbcetbPamvK+mdGVajXu2YCD8HVb79:G12HQC2s0GivbBtifbYRx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pid.1336.0x7ff76a920000.dmp

Files

pid.1336.0x7ff76a920000.dmp
.exe windows:10 windows x64

247b9220e5d9b720a82b2c8b5069ad69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs
exit

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
TerminateProcess
SetProcessAffinityUpdateMode
ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memcpy
memset
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegDisablePredefinedCacheEx
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIf
I_RpcMapWin32Status
RpcMgmtSetServerStackSize
I_RpcServerDisableExceptionFilter
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
RpcServerRegisterIf

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessAllowedAce
GetTokenInformation
GetLengthSid
InitializeAcl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
TpAllocTimer
_vsnwprintf
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
TpSetTimerEx
TpSetTimer
RtlImageNtHeader
RtlValidSecurityDescriptor
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlFreeHeap
EtwEventWrite
TpReleaseTimer
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
TpWaitForTimer
RtlAllocateHeap

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

247b9220e5d9b720a82b2c8b5069ad69

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB