psr.pdb
General
-
Target
psr.exe
-
Size
232KB
-
MD5
eeb735e47383bb98cdd795e1fd80cf57
-
SHA1
d854353bccdaf726f101b8f15954300e0408b77d
-
SHA256
dcada6cc107df24822206056cbff18f455e63ecd1ed80ec7bb957ba0e41ef1a8
-
SHA512
68747a4ac2188ea8965c2e9a7e9db0dd8f2a154878f9791c28d87823d63b8d2147289ba10fe3a6de4f829d0c2644f106dc69a5f2182ef17ac4163bc6d52d054d
-
SSDEEP
6144:aB4PYjZdl12f442REUgPhWzDywqIv420KF:aB4Ps+h2RsPh0DywA20m
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing embedded Authenticode signature on resource psr.exe. Caveat for triage: the absence of an embedded signature is not by itself evidence of tampering or malware. Many binaries shipped with Windows are signed through security catalogs rather than with an embedded signature, and the name psr.exe together with the uireng imports listed below is consistent with the Windows Steps Recorder executable. Before treating this as an indicator, verify with catalog-aware tooling (e.g. PowerShell `Get-AuthenticodeSignature` or `signtool verify /a`) and compare the SHA256 above against a known-good copy from the same OS build.
Files
-
psr.exe.exe windows:10 windows x64 arch:x64 (the doubled `.exe.exe` likely reflects how the sandbox named the submitted sample rather than the original filename — the Target field above is psr.exe; confirm against the submission record)
2b76fb632481a223b4b2738d86e33102 (unlabeled 32-hex-digit hash; it differs from the file MD5 above, so it is presumably an import hash rather than a file hash — confirm against the tool's report schema before pivoting on it)
Headers
DLL Characteristics (the flags below show that ASLR with high-entropy 64-bit addressing, DEP/NX compatibility and Control Flow Guard are all opted in; a .reloc section is also present in the section list, so the image is actually relocatable rather than merely flagged as such)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (none extracted in this section; the `psr.pdb` name shown at the top of the report is the only debug-symbol reference visible here)
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegGetValueA
RegOpenKeyW
CloseTrace
ProcessTrace
OpenTraceW
kernel32
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetSystemTime
SystemTimeToTzSpecificLocalTime
CopyFileW
WideCharToMultiByte
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
InitializeCriticalSection
GetSystemTimeAsFileTime
FormatMessageW
Sleep
MultiByteToWideChar
LockResource
LoadResource
FindResourceW
GetFullPathNameW
RaiseException
DeleteCriticalSection
UnregisterWait
GetCurrentProcess
IsWow64Process
HeapSetInformation
GetModuleHandleW
RegisterWaitForSingleObject
CreateMutexW
GetSystemDirectoryW
HeapFree
VirtualQuery
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetFileAttributesExW
SetFileAttributesW
GetFileInformationByHandle
SetFilePointer
ReplaceFileW
MoveFileExW
lstrcmpA
GlobalReAlloc
FileTimeToDosDateTime
IsDBCSLeadByte
CreateFileA
lstrlenA
TlsGetValue
TlsFree
GlobalFree
GlobalHandle
TlsSetValue
TlsAlloc
DeleteFileW
LocalFree
ExpandEnvironmentStringsW
GetCommandLineW
Wow64DisableWow64FsRedirection
CloseHandle
SetEvent
GetCurrentThreadId
GetDateFormatW
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
WriteFile
SizeofResource
ReadFile
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileA
FileTimeToLocalFileTime
OpenProcess
CreateFileW
GetTimeFormatW
FileTimeToSystemTime
GetProductInfo
GetVersionExW
FindClose
FindFirstFileW
FreeLibrary
OutputDebugStringA
GetTickCount
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
lstrcmpiW
lstrcmpiA
WaitForSingleObject
CreateEventW
GetCurrentProcessId
GetLastError
GetFileAttributesW
CreateDirectoryW
OpenEventW
GetFileAttributesExA
gdi32
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
user32
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
SetWindowPos
GetSysColor
DefWindowProcW
LoadCursorW
CharUpperBuffA
CharPrevA
CharToOemBuffA
OemToCharBuffA
CharNextA
DispatchMessageA
PeekMessageA
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
SetWindowTextW
PostQuitMessage
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharNextW
CharUpperW
RegisterClassExW
MapDialogRect
SetWindowContextHelpId
TranslateAcceleratorW
LoadIconW
PostMessageW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
MapWindowPoints
DestroyIcon
GetDlgItemTextW
GetDlgItemInt
EndDialog
SetDlgItemTextW
EnableWindow
SetDlgItemInt
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
UnregisterHotKey
GetKeyState
UnregisterClassW
KillTimer
SetTimer
IsWindowVisible
GetWindowRect
AdjustWindowRect
GetProcessDefaultLayout
RegisterHotKey
UpdateWindow
ShowWindow
SystemParametersInfoW
GetSysColorBrush
GetSystemMetrics
LoadStringW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
UnregisterClassA
CharLowerA
MessageBoxW
SetWindowLongW
msvcrt
free
wcscat_s
wcsncpy_s
mbstowcs_s
qsort
_wcsupr
wcsstr
wcstoul
_wcstoui64
wcstol
wcsrchr
_itow_s
_vsnprintf
_mktemp
strstr
wcscpy_s
_vscwprintf
wcschr
time
gmtime
localtime
strncmp
_getdrive
memcpy_s
swprintf_s
malloc
calloc
_callnewh
_XcptFilter
__C_specific_handler
_vsnwprintf
_wtoi
_wcsicmp
__CxxFrameHandler3
_snwscanf_s
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_CxxThrowException
memcmp
memcpy
memmove
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
wcscmp
comctl32
ImageList_Destroy
InitCommonControlsEx
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
ord381 (import by ordinal — no exported name is recorded; resolve against the comctl32 export table of the target OS build)
ntdll
EtwEventWriteNoRegistration
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
VarBstrCmp
SysFreeString
VariantClear
VariantInit
SysAllocStringLen
LoadRegTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysStringByteLen
ole32
OleUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoTaskMemFree
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
CoInitialize
shell32
CommandLineToArgvW
SHFileOperationW
ord171 (import by ordinal — no exported name is recorded; resolve against the shell32 export table of the target OS build)
SHCreateItemInKnownFolder
ShellAboutW
ShellExecuteExW
shlwapi
PathFindExtensionW
PathGetArgsW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathRemoveBlanksW
PathRemoveFileSpecW
PathFileExistsW
SHAutoComplete
PathAppendW
SHCreateStreamOnFileEx
PathFindExtensionA
PathMatchSpecExA
PathIsSameRootW
ord218 (import by ordinal — no exported name is recorded; resolve against the shlwapi export table of the target OS build)
ord216 (import by ordinal — as above)
uireng
UirGetScreenComment
UirStartRecordingSession
UirInitializeEngine
UirStopRecordingSession
UirPauseRecordingSession
UirResumeRecordingSession
UirUpdateRecordingSession
UirOutCreateOutputFile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
xmllite
CreateXmlWriter
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 27KB (virtual size exceeds raw size: the remainder is zero-filled by the loader, which is the normal layout for uninitialized data merged into .data)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 24B (delay-load import data, per the usual MSVC section naming)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ