5e87af7f81430f6b46693fad6306fb5c449531c2cb9587f54acdf2c192392c73

Sharing

Copy URL

Twitter E-mail

General

Target

5e87af7f81430f6b46693fad6306fb5c449531c2cb9587f54acdf2c192392c73
Size

4.0MB
MD5

f9af19139b3c49d9df359f3d2995ad6a
SHA1

8443d1e0467df25df35917d288635e66f99cdc61
SHA256

5e87af7f81430f6b46693fad6306fb5c449531c2cb9587f54acdf2c192392c73
SHA512

07f92cc90449ef8775e91efdb763500f261492618417f97439313bf7daab36296010bc7d9849d4ab0389a38887c0287faa65ae296ea84285204b58bdc1edd33c
SSDEEP

98304:/Bv0bokpUguAdP/uyXSgCa4KQ2UG8lg/6OTt:10bokpUe4gNMlK9Tt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5e87af7f81430f6b46693fad6306fb5c449531c2cb9587f54acdf2c192392c73

Files

5e87af7f81430f6b46693fad6306fb5c449531c2cb9587f54acdf2c192392c73
.exe windows:6 windows x86 arch:x86

d34323eed582aa4738c7407bc60fdd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Github\game-engine\build\vs2019\client\x86\CrashHandler\app\Release\CrashHandler.pdb

Imports

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpConnect

shell32

SHGetFolderPathAndSubDirW

ws2_32

WSASetLastError
__WSAFDIsSet
WSAIoctl
getpeername
connect
getsockopt
ioctlsocket
WSAGetLastError
getaddrinfo
gethostname
freeaddrinfo
getnameinfo
htonl
ntohl
recv
select
closesocket
shutdown
ntohs
getsockname
bind
setsockopt
socket
htons
WSACleanup
WSAStartup
send

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

powrprof

CallNtPowerInformation

kernel32

GetStringTypeW
InitializeSListHead
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetLocaleInfoEx
HeapSize
WaitForSingleObject
GetCurrentThreadId
Sleep
CloseHandle
GetCurrentProcessId
IsDebuggerPresent
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
CreateEventA
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
WaitForSingleObjectEx
SetEvent
GetModuleFileNameA
GetTickCount
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
WaitForMultipleObjectsEx
FormatMessageW
GetLastError
K32GetProcessMemoryInfo
LoadLibraryA
GetVersionExA
GetSystemInfo
GetCurrentProcessorNumber
VerSetConditionMask
GlobalMemoryStatusEx
GetModuleHandleW
VerifyVersionInfoW
DebugBreak
IsWow64Process
GetProcessTimes
CreateFileW
RaiseException
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
VirtualQuery
SwitchToThread
ResetEvent
CreateSemaphoreExW
SetLastError
TerminateProcess
ReleaseMutex
OpenProcess
OutputDebugStringW
OpenSemaphoreW
CreateMutexExW
CreateProcessW
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
VerifyVersionInfoA
GetEnvironmentVariableA
SleepEx
FormatMessageA
GetEnvironmentVariableW
GetStdHandle
ExitThread
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
FreeLibrary
LoadLibraryW
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
CreateDirectoryW
GetFullPathNameW
DeviceIoControl
RemoveDirectoryW
SetFileTime
SetEndOfFile
GetTempPathW
GetFileAttributesW
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
GetCurrentDirectoryW
SetFilePointerEx
MoveFileExW
GetFileTime
AreFileApisANSI
SetUnhandledExceptionFilter
SetProcessShutdownParameters
SetConsoleCtrlHandler
LockFileEx
UnlockFileEx
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateEventW
CreateThread
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileSizeEx
ReadFile
FindFirstFileExW
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetVersion
CreateSemaphoreW
GetLocalTime
TryEnterCriticalSection
InitOnceExecuteOnce
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FreeLibraryAndExitThread
SetStdHandle
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ReleaseSRWLockShared
AcquireSRWLockShared
GetConsoleMode
SuspendThread
InitOnceBeginInitialize
InitOnceComplete

user32

DispatchMessageW
PostMessageW
DefWindowProcW
TranslateMessage
UnregisterClassW
CreateWindowExW
MessageBoxW
GetWindowLongW
RegisterClassW
GetUserObjectInformationW
SetWindowLongW
EnumDisplayDevicesA
GetMessageW
GetProcessWindowStation
DestroyWindow

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateGuid

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RevertToSelf
ImpersonateNamedPipeClient
RegQueryValueExW
RegQueryValueExA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SystemFunction036
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegOpenKeyExW

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeSetEvent

bcrypt

BCryptGenRandom

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

$'�b�u1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d34323eed582aa4738c7407bc60fdd58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

shell32

ws2_32

crypt32

powrprof

kernel32

user32

ole32

advapi32

winmm

bcrypt

version

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 916KB - Virtual size: 915KB

.data Size: 66KB - Virtual size: 2.6MB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 139KB - Virtual size: 139KB

$'�b�u1 Size: 16KB - Virtual size: 20KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 916KB - Virtual size: 915KB

.data
Size: 66KB - Virtual size: 2.6MB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 139KB - Virtual size: 139KB

$'�b�u1
Size: 16KB - Virtual size: 20KB