Faultrep[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Faultrep.dll
Size

340KB
MD5

ba2089bbced97f4eb06d1da90aa44f1a
SHA1

1ea31703f45024aa47b87ce5c89960c8275982d8
SHA256

1a6b45bdc65c2199c77cd1c36c5d2d724c825c51223d7318e4bd4d576a8835f5
SHA512

110b500686b2f5e3eadb136d15a0b1c0b11ee14f234e07177e92e60be316f9e7bafad1ae3f53a18ce5ac4317949801b25d209a3cb3e735bb0e18c913f12f9390
SSDEEP

6144:lIZJOcmla8oS/BXskGKNQCnpdg3S54NVJyB60OHyLC7vnBp8:lIDaaS/BX75d15gc2HywvBq

Score

1^/10

Malware Config

Signatures

Files

Faultrep.dll
.dll windows:10 windows x86 arch:x86

00cb1a683ef24e1a897f805a05375e86

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:a4:be:af:8e:70:1d:2d:59:8b:55:4b:77:e1:6b:15:99:5a:72:22:b4:18:7e:37:90:2c:8f:31:3d:de:4a:8d
Signer

Actual PE Digest

dd:a4:be:af:8e:70:1d:2d:59:8b:55:4b:77:e1:6b:15:99:5a:72:22:b4:18:7e:37:90:2c:8f:31:3d:de:4a:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FaultRep.pdb

Imports

msvcrt

realloc
memcmp
_local_unwind4
_CxxThrowException
memcpy
__CxxFrameHandler3
_purecall
_callnewh
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
srand
_except_handler4_common
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
swprintf_s
_vsnprintf_s
memcpy_s
malloc
free
_vsnwprintf
rand
rand_s
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
time
memset

api-ms-win-core-localization-l1-2-1

FormatMessageW
LCMapStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
SetThreadPriority
GetProcessTimes
CreateRemoteThread
GetCurrentThreadId
GetExitCodeThread
OpenThread
GetThreadPriority
GetCurrentProcessId
GetThreadId
TerminateProcess
GetCurrentProcess
GetThreadContext
CreateThread
OpenProcess
DeleteProcThreadAttributeList
OpenProcessToken
InitializeProcThreadAttributeList
GetProcessId
GetExitCodeProcess
UpdateProcThreadAttribute
CreateProcessW

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
DisableThreadLibraryCalls
LoadStringW
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegSetKeySecurity
RegGetKeySecurity

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventWrite

api-ms-win-core-synch-l1-2-0

SetEvent
ResetEvent
CreateMutexW
Sleep
OpenEventW
WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenMutexW
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetWindowsDirectoryW
GetNativeSystemInfo

ntdll

DbgPrint
wcsstr
memmove
isspace
RtlSetThreadErrorMode
RtlFreeHeap
RtlAllocateHeap
tolower
NtSetInformationProcess
wcschr
RtlNtStatusToDosError
RtlDecodeSystemPointer
NtClearEvent
NtWaitForMultipleObjects
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlDetermineDosPathNameType_U
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
RtlReleasePebLock
wcsncmp
RtlTryAcquirePebLock
_wcsnicmp
RtlGetUnloadEventTraceEx
ZwQueryInformationThread
towlower
NtResumeThread
NtSuspendThread
NtGetNextThread
_wtoi
_wcsicmp
ShipAssert
NtSetSystemInformation
DbgPrintEx
PssNtFreeSnapshot
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtQueryInformationThread
RtlImageNtHeaderEx
NtQueryEvent
NtSetInformationFile
EtwEventWriteNoRegistration
NtQuerySystemInformation
_vscwprintf
iswspace
RtlSecondsSince1970ToTime
wcscpy_s
wcscat_s
wcsncpy_s
RtlCompareMemory
NtSystemDebugControl
RtlWerpReportException
NtSuspendProcess
NtResumeProcess
RtlCreateProcessReflection
NtOpenEvent
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlQueryResourcePolicy
NtOpenProcess
PssNtCaptureSnapshot
NtClose
wcsrchr
NtQueryInformationProcess
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlAdjustPrivilege

api-ms-win-core-com-l1-1-1

CoUninitialize
CoUnmarshalInterface
CoRevertToSelf
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoGetMalloc
CoImpersonateClient
CoCreateInstance

kernelbase

LocalAlloc
CreateProcessAsUserW

api-ms-win-service-private-l1-1-1

I_QueryTagInformation

dbghelp

MiniDumpWriteDump

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRecoveryCallback
WerGetFlags

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

rpcrt4

NdrOleAllocate
NdrOleFree
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
NdrDllCanUnloadNow
RpcStringFreeW
UuidCreate
UuidToStringW
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
ObjectStublessClient4
ObjectStublessClient5

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-file-l1-2-1

CreateFileW
SetFileAttributesW
FindFirstFileW
GetFinalPathNameByHandleW
SetFileInformationByHandle
CreateDirectoryW
WriteFile
FlushFileBuffers
SetFilePointerEx
GetFileAttributesW
FindNextFileW
SetEndOfFile
GetTempPathW
FindClose
QueryDosDeviceW
GetLogicalDriveStringsW
DeleteFileW
GetTempFileNameW
ReadFile
GetDriveTypeW
GetLongPathNameW

api-ms-win-security-lsalookup-l2-1-1

LookupPrivilegeValueW

api-ms-win-security-base-l1-2-0

AdjustTokenPrivileges
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
CreateWellKnownSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
ImpersonateLoggedOnUser
CopySid
DuplicateToken
IsValidSid
GetLengthSid

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW
K32EnumProcessModules
K32GetMappedFileNameW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-2

VirtualFreeEx
ReadProcessMemory
CreateFileMappingW
WriteProcessMemory
UnmapViewOfFile
VirtualFree
MapViewOfFile
VirtualQueryEx
VirtualAlloc
VirtualAllocEx
VirtualQuery

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processsnapshot-l1-1-0

PssQuerySnapshot
PssWalkMarkerFree
PssDuplicateSnapshot
PssWalkMarkerCreate
PssFreeSnapshot
PssCaptureSnapshot

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
GetSystemWow64DirectoryW
IsWow64Process2

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW
SearchPathW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent
DebugBreak
CheckRemoteDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-registry-l2-2-0

RegDeleteKeyW

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
DeregisterEventSource
ReportEventW

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
Thread32First
Module32NextW
Process32NextW
Thread32Next
Module32FirstW
CreateToolhelp32Snapshot

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrStrIW

api-ms-win-security-trustee-l1-1-1

BuildSecurityDescriptorW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

Exports

Exports

AddERExcludedApplicationA
AddERExcludedApplicationW
BasepReportFault
CancelHangReporting
CheckForReadOnlyResourceFilter
CheckPerUserCrossProcessThrottle
DllCanUnloadNow
DllGetClassObject
ReportFault
ReportHang
UpdatePerUserLastCrossProcessCollectionTime
WerReportHang
WerpGetDebugger
WerpInitiateCrashReporting
WerpLaunchAeDebug

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00cb1a683ef24e1a897f805a05375e86

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

dd:a4:be:af:8e:70:1d:2d:59:8b:55:4b:77:e1:6b:15:99:5a:72:22:b4:18:7e:37:90:2c:8f:31:3d:de:4a:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localization-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

ntdll

api-ms-win-core-com-l1-1-1

kernelbase

api-ms-win-service-private-l1-1-1

dbghelp

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-processsnapshot-l1-1-0

api-ms-win-core-job-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-version-l1-1-0

api-ms-win-core-registry-l2-2-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-security-trustee-l1-1-1

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-core-timezone-l1-1-0

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 222KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 14KB - Virtual size: 13KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

dd:a4:be:af:8e:70:1d:2d:59:8b:55:4b:77:e1:6b:15:99:5a:72:22:b4:18:7e:37:90:2c:8f:31:3d:de:4a:8d
Signer

.text
Size: 222KB - Virtual size: 222KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 14KB - Virtual size: 13KB