Faultrep[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Faultrep.dll
Size

340KB
MD5

df986454fa35f76d1a1a896dd06e8a82
SHA1

d827aaefafb20b9ebc3de1aa773345ae4415349b
SHA256

f6aeafe468d20799becda4d721940b317e88c2695a80d8497d816b8c241b700d
SHA512

b1ea512e0a3b831cb4e9fc5b7a4988b295cc506685c99903681f17ed857a8671c3ddf64da8260ad80ee6b7236815a11a3816e7493c573098307289e3e4e43c69
SSDEEP

6144:eVyr0D8L2iF9im90dMngDMG4fruQiNyudB1o+5VJyB60OHyLC7vqFe:/r0Dh2eMngDMZfr4b1Dc2Hywd

Score

1^/10

Malware Config

Signatures

Files

Faultrep.dll
.dll windows:10 windows x86 arch:x86

bc4f3247cd55671762ac1e3384961744

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:1a:bf:a8:7c:8e:c6:80:7e:f4:8f:72:ea:69:ce:87:e3:9f:5d:84:70:cc:fa:03:0e:92:e3:cf:66:8c:c6:d3
Signer

Actual PE Digest

73:1a:bf:a8:7c:8e:c6:80:7e:f4:8f:72:ea:69:ce:87:e3:9f:5d:84:70:cc:fa:03:0e:92:e3:cf:66:8c:c6:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FaultRep.pdb

Imports

msvcrt

rand
time
srand
?terminate@@YAXXZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
realloc
_callnewh
_CxxThrowException
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_purecall
rand_s
_XcptFilter
_local_unwind4
malloc
free
memcmp
_amsg_exit
memcpy
??1type_info@@UAE@XZ
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-synch-l1-2-0

WaitForSingleObjectEx
LeaveCriticalSection
OpenEventW
ResetEvent
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
OpenMutexW
Sleep
CreateEventW
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-2

OpenProcess
OpenProcessToken
OpenThread
GetThreadId
GetThreadContext
GetProcessTimes
CreateThread
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateRemoteThread
SetThreadPriority
GetProcessId
GetCurrentThread
CreateProcessW
GetExitCodeProcess
GetExitCodeThread
GetCurrentProcessId
GetThreadPriority
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetNativeSystemInfo
GetWindowsDirectoryW
GetTickCount
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetErrorMode
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

ntdll

DbgPrint
wcsstr
memmove
isspace
RtlSetThreadErrorMode
RtlFreeHeap
RtlAllocateHeap
tolower
NtSetInformationProcess
wcschr
RtlNtStatusToDosError
RtlDecodeSystemPointer
NtClearEvent
NtWaitForMultipleObjects
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlDetermineDosPathNameType_U
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
RtlReleasePebLock
wcsncmp
RtlTryAcquirePebLock
_wcsnicmp
RtlGetUnloadEventTraceEx
ZwQueryInformationThread
towlower
NtResumeThread
NtSuspendThread
NtGetNextThread
_wtoi
_wcsicmp
ShipAssert
NtSetSystemInformation
DbgPrintEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtQueryInformationThread
RtlImageNtHeaderEx
NtQueryEvent
NtSetInformationFile
PssNtFreeSnapshot
ZwQueryWnfStateNameInformation
memcpy_s
_vsnprintf_s
_vscwprintf
iswspace
RtlSecondsSince1970ToTime
swprintf_s
wcscpy_s
wcscat_s
wcsncpy_s
RtlCompareMemory
NtSystemDebugControl
RtlWerpReportException
NtSuspendProcess
NtResumeProcess
RtlCreateProcessReflection
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtQuerySystemInformation
NtOpenEvent
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlQueryResourcePolicy
NtOpenProcess
PssNtCaptureSnapshot
NtClose
_vsnwprintf
wcsrchr
NtQueryInformationProcess
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlAdjustPrivilege

api-ms-win-core-com-l1-1-1

CoSetProxyBlanket
CoUnmarshalInterface
CoGetMalloc
CoImpersonateClient
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoRevertToSelf
CoUninitialize

kernelbase

CreateProcessAsUserW
LocalAlloc

api-ms-win-service-private-l1-1-1

I_QueryTagInformation

dbghelp

MiniDumpWriteDump

api-ms-win-core-windowserrorreporting-l1-1-0

WerGetFlags
GetApplicationRecoveryCallback

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_QueryInterface

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient3
ObjectStublessClient5

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-file-l1-2-1

DeleteFileW
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetLogicalDriveStringsW
CreateDirectoryW
QueryDosDeviceW
GetDriveTypeW
GetFinalPathNameByHandleW
SetFileInformationByHandle
FindClose
WriteFile
ReadFile
GetTempPathW
SetFilePointerEx
GetTempFileNameW
GetFileAttributesW
CreateFileW
FlushFileBuffers
SetEndOfFile
GetLongPathNameW

api-ms-win-security-lsalookup-l2-1-1

LookupPrivilegeValueW

api-ms-win-security-base-l1-2-0

GetSidSubAuthority
DuplicateToken
GetTokenInformation
AdjustTokenPrivileges
GetSidSubAuthorityCount
IsValidSid
GetLengthSid
CopySid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
FreeSid
CreateWellKnownSid
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetMappedFileNameW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-2

MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualQuery
VirtualQueryEx
VirtualAllocEx
WriteProcessMemory
VirtualFree
CreateFileMappingW
ReadProcessMemory
VirtualFreeEx

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processsnapshot-l1-1-0

PssDuplicateSnapshot
PssQuerySnapshot
PssFreeSnapshot
PssWalkMarkerCreate
PssWalkMarkerFree
PssCaptureSnapshot

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64Directory2W
GetSystemWow64DirectoryW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
SearchPathW
SetEnvironmentVariableW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-registry-l1-1-0

RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegGetKeySecurity
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-1

LCMapStringW
FormatMessageW

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-registry-l2-2-0

RegDeleteKeyW

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-toolhelp-l1-1-0

Module32NextW
Process32FirstW
Thread32First
CreateToolhelp32Snapshot
Thread32Next
Process32NextW
Module32FirstW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrStrIW

api-ms-win-security-trustee-l1-1-1

BuildSecurityDescriptorW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

Exports

Exports

AddERExcludedApplicationA
AddERExcludedApplicationW
BasepReportFault
CancelHangReporting
CheckForReadOnlyResourceFilter
CheckPerUserCrossProcessThrottle
DllCanUnloadNow
DllGetClassObject
ReportFault
ReportHang
UpdatePerUserLastCrossProcessCollectionTime
WerReportHang
WerpGetDebugger
WerpInitiateCrashReporting
WerpLaunchAeDebug

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc4f3247cd55671762ac1e3384961744

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

73:1a:bf:a8:7c:8e:c6:80:7e:f4:8f:72:ea:69:ce:87:e3:9f:5d:84:70:cc:fa:03:0e:92:e3:cf:66:8c:c6:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

ntdll

api-ms-win-core-com-l1-1-1

kernelbase

api-ms-win-service-private-l1-1-1

dbghelp

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-processsnapshot-l1-1-0

api-ms-win-core-job-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-version-l1-1-0

api-ms-win-core-registry-l2-2-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-security-trustee-l1-1-1

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-core-timezone-l1-1-0

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 221KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 14KB - Virtual size: 13KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

73:1a:bf:a8:7c:8e:c6:80:7e:f4:8f:72:ea:69:ce:87:e3:9f:5d:84:70:cc:fa:03:0e:92:e3:cf:66:8c:c6:d3
Signer

.text
Size: 222KB - Virtual size: 221KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 14KB - Virtual size: 13KB