credwiz.pdb
Static task: static1
Behavioral task: behavioral1
Sample: crdvip.exe
Resource: win10v2004-20240226-en
General
Target: crdvip.exe
Size: 29KB
MD5: 9b726550e4c82bbeb045150e75fee720
SHA1: e42d4d119e7ed4104f89e9242439003328320540
SHA256: 2156279eac34cc622f755766de61090290ff8b0960ebb46b03038ae321b3566d
SHA512: bc919b76d0dc34af5156d170bcdc80d46218810d144fcceba7acdf0aa6069c9b66569750cdd2dedc4b503a0a823c57ceb169f0441e552161900e6e7601efb3c9
SSDEEP: 384:yuFGSBYpI5xk2SJUkU3ij/PofixfO/gJ+N+4sV6Vey6Yr9jKmZzPzWN5WrNuimn:v1YbKyj/P4InJBjk6A9j1Zbe5/n
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: crdvip.exe
Files
- crdvip.exe.exe windows:10 windows x86 arch:x86
  7811c1109d45b9069e28dfee0c0f979d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
GetTokenInformation
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
CredRestoreCredentials
CredpEncodeSecret
ConvertStringSecurityDescriptorToSecurityDescriptorW
CredBackupCredentials
kernel32
GetOverlappedResult
CreateThread
SleepEx
GetTempFileNameW
ReadFile
CloseHandle
LocalFree
HeapSetInformation
DeleteFileW
FormatMessageW
CancelIo
HeapFree
HeapAlloc
GetProcessHeap
GetFileSizeEx
SetEvent
SetLastError
CreateEventW
OpenProcess
DuplicateHandle
CreateFileW
GlobalFree
LocalAlloc
GetTempPathW
WaitForMultipleObjects
WriteFile
GetCommandLineW
GetLastError
gdi32
CreateFontIndirectW
GetObjectW
user32
EnableWindow
GetDlgItem
SetWindowLongW
SetFocus
SendDlgItemMessageW
GetDlgItemTextW
ShowWindow
GetParent
GetWindowLongW
PostMessageW
CheckRadioButton
SendMessageW
SetWindowTextW
LoadStringW
msvcrt
__set_app_type
exit
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_exit
_cexit
wcsncmp
swscanf
_vsnwprintf
__p__fmode
_ismbblead
__setusermatherr
memset
_controlfp
?terminate@@YAXXZ
_initterm
_acmdln
_except_handler4_common
rpcrt4
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcStringFreeW
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcBindingFree
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
NdrAsyncClientCall2
I_RpcExceptionFilter
crypt32
CryptUnprotectData
CryptProtectData
samcli
NetValidatePasswordPolicy
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
TpAllocWait
NtPrivilegeCheck
RtlNtStatusToDosError
NtOpenProcessToken
NtAdjustPrivilegesToken
TpWaitForWait
TpSetWait
TpReleaseWait
NtClose
comctl32
CreatePropertySheetPageW
PropertySheetW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
msctfmonitor
InitLocalMsCtfMonitor
UninitLocalMsCtfMonitor
shell32
CommandLineToArgvW
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ