1d77f5d8a3bd7e87dadb98ca61bb99b72deb5be1551436f04b6bb1dc08240a46

Sharing

Copy URL

Twitter E-mail

General

Target

1d77f5d8a3bd7e87dadb98ca61bb99b72deb5be1551436f04b6bb1dc08240a46
Size

1.4MB
MD5

bbc9221292a29886428e9b64e1995d33
SHA1

02e9bea263f6f459c6245cb1e7b67830430370cc
SHA256

1d77f5d8a3bd7e87dadb98ca61bb99b72deb5be1551436f04b6bb1dc08240a46
SHA512

75de215f98dacfd5392d0019e2d5186a910317a2ac8730b4d7cb2f74ade9614db87f0f9f444271a837386f81b645c8979322e3ec8de2a46bc637cb7e830fc55a
SSDEEP

24576:6hY3So/fq7qjh/s9r5GUH+eYPKO3r4+WKZo0RnO4yPZn6iEkMK5GE1L:3lNGGB3r4+WKZoenO4yPZnUkvGEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d77f5d8a3bd7e87dadb98ca61bb99b72deb5be1551436f04b6bb1dc08240a46

Files

1d77f5d8a3bd7e87dadb98ca61bb99b72deb5be1551436f04b6bb1dc08240a46
.exe windows:6 windows x86 arch:x86

62f4a2777cd8769bb46bb3b0bc84a218

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\data\landun\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\crashrpt.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
Sleep
ReadFile
IsBadWritePtr
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
QueryDosDeviceW
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
GetTempPathW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
Process32NextW
GlobalSize
FileTimeToSystemTime
GlobalAlloc
Process32FirstW
GlobalLock
MoveFileExW
GetTempFileNameW
GlobalUnlock
GetCommandLineW
GlobalFree
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesExW
DeleteFileW
SystemTimeToFileTime
CopyFileW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
CreateEventW
CreateThread
LocalFree
InitializeCriticalSectionAndSpinCount
GetVersionExW
LoadLibraryExW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
HeapFree
GetFullPathNameW
lstrlenA
GetFileSize
OutputDebugStringW
HeapAlloc
GetProcessHeap
DebugBreak
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
SetEvent
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenMutexA
GetLocaleInfoEx
EncodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
TerminateThread
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
CompareStringEx
GetCPInfo
RaiseException
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCurrentThread
ExitProcess
GetStdHandle
HeapSize
HeapReAlloc
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
CreateFileA
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
GetFileAttributesA
CreateDirectoryA
LocalAlloc
SubmitThreadpoolWork

user32

CharNextW
LoadStringW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
ShowWindow
IsWindow
OpenClipboard
GetMonitorInfoW
GetWindowThreadProcessId
EmptyClipboard
UnregisterClassW
GetForegroundWindow
EnumClipboardFormats
EnumWindows
GetClipboardData
GetClassNameW
SetClipboardData
GetDesktopWindow
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC
wvsprintfW
MonitorFromPoint
FindWindowExW
GetWindowRect
SendMessageTimeoutW
GetDC
WindowFromPoint
GetFocus
SetRectEmpty
GetGUIThreadInfo
MessageBoxW
AttachThreadInput
IsWindowVisible
GetWindowLongW
SetWindowPos
UnregisterClassA
CloseClipboard
keybd_event

advapi32

LookupAccountNameW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AddAce
SetEntriesInAclW
BuildExplicitAccessWithNameW
EqualSid
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
LookupAccountSidW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumKeyW
GetAce
SetSecurityDescriptorSacl
AddAccessAllowedAce
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
GetAclInformation
GetFileSecurityW
SetFileSecurityW

imm32

ImmDisableIME

psapi

GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetSetOptionA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA

gdi32

DeleteDC
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteObject

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62f4a2777cd8769bb46bb3b0bc84a218

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

imm32

psapi

wininet

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 15KB - Virtual size: 151KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 15KB - Virtual size: 151KB

.rsrc
Size: 80KB - Virtual size: 80KB