DataStoreCacheDumpTool[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DataStoreCacheDumpTool.exe
Size

184KB
MD5

a51e8f7a1c2cace54bc2c8f7fe8cff57
SHA1

465d3213eb702592776296a6dba1f56b55a5e627
SHA256

a7acb4da8fa0b7ddbfcfecb3bd66013b046f474f27c86a326099ae41a855669f
SHA512

7cca29be0ca2636f9cd450b4db68a332611a65519ae6e632509c7cffe52ad4c5b3c3d0dc29039accd806df053bfdef87d228f6287cba9bb4120c1007ae58ac29
SSDEEP

3072:X/p4kXb0FEtSx4s62sB2C/IT/Zuko4LpFveoX/br04hYbe:X/Db0FEU2g2/W/do+hYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DataStoreCacheDumpTool.exe

Files

DataStoreCacheDumpTool.exe
.exe windows:10 windows x64 arch:x64

92d24aaef3eb74338a5a2498bef83307

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_errno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__configure_wide_argv
_o__wfopen
_o_ceilf
_o_exit
_o_fclose
_o_free
_o_malloc
_o_sqrt
_o_terminate
_o_towupper
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentThread

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-path-l1-1-0

PathCchCanonicalizeEx
PathCchRemoveFileSpec

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Read
SHCreateMemStream
IStream_Size

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d24aaef3eb74338a5a2498bef83307

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 5KB

.didat Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 472B

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 5KB

.didat
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 472B