Faultrep[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

Faultrep.dll
Size

421KB
MD5

e6ecc6f072121630304c17bf6e9f567a
SHA1

d7aa7dc767510782d9a604fc79f559319f8f6ff3
SHA256

fa791b9d2bfa953b576a65b510d3a2fb89e790c506bc2aa314ce94b8a2fefacd
SHA512

05d6874a5d99c5f1ceab681dde71b67efc3cd3e3d54b9fb30423857dff58664d78c25d7ebd2466683dabb1ab27a21d815778355d0bc43691a150ed8e2396e372
SSDEEP

12288:irAG5aV+693txUj4MtvdQ9t0fXuO43YQ+GA0c2Hywu:uFUV+693/uBFQ8XuO430GA0cyhu

Score

1^/10

Malware Config

Signatures

Files

Faultrep.dll
.dll windows:10 windows x86 arch:x86

2564ef0719dc33b355e6d5ffb437714e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:cc:d0:22:36:2c:1f:ce:50:d0:72:9e:d2:40:76:95:cc:93:bf:4e:71:82:06:55:c2:d9:f2:f0:be:94:b2:e6
Signer

Actual PE Digest

b6:cc:d0:22:36:2c:1f:ce:50:d0:72:9e:d2:40:76:95:cc:93:bf:4e:71:82:06:55:c2:d9:f2:f0:be:94:b2:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FaultRep.pdb

Imports

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
time
malloc
memmove
rand
srand
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
realloc
_CxxThrowException
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
_XcptFilter
_local_unwind4
memcmp
_except_handler4_common
_amsg_exit
memcpy
_purecall
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_callnewh
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetProcAddress
GetModuleHandleExA
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexW
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
OpenEventW
InitializeSRWLock
OpenMutexW
CreateMutexExW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateRemoteThread
GetExitCodeThread
InitializeProcThreadAttributeList
GetThreadPriority
GetCurrentThread
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcessToken
GetThreadId
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread
OpenThread
GetProcessId
SetThreadPriority
GetProcessTimes

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWrite
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount64
GlobalMemoryStatusEx
GetSystemTime

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW
GetSystemWow64Directory2W
IsWow64Process2

ntdll

RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
wcscpy_s
NtCreateFile
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlAdjustPrivilege
NtQueryInformationThread
_wcstoui64
DbgPrint
isspace
RtlSetThreadErrorMode
RtlFreeHeap
RtlAllocateHeap
tolower
RtlQueryWnfStateData
ZwQueryInformationThread
RtlNtStatusToDosError
RtlDecodeSystemPointer
NtClearEvent
NtWaitForMultipleObjects
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlGetNtSystemRoot
RtlDetermineDosPathNameType_U
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
wcsstr
RtlReleasePebLock
wcsncmp
RtlTryAcquirePebLock
RtlGetUnloadEventTraceEx
EtwCheckCoverage
NtSetInformationProcess
towlower
NtResumeProcess
NtSuspendThread
NtResumeThread
NtSuspendProcess
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid
NtSetSystemInformation
RtlWakeAllConditionVariable
memmove_s
PssNtFreeSnapshot
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtQuerySystemInformation
NtOpenEvent
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlQueryResourcePolicy
NtOpenProcess
PssNtCaptureSnapshot
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
RtlImageNtHeaderEx
NtQueryEvent
NtSetInformationFile
RtlSecondsSince1970ToTime
swprintf_s
wcscat_s
wcsncpy_s
RtlCompareMemory
NtSystemDebugControl
RtlWerpReportException
RtlCreateProcessReflection
NtClose
NtQueryInformationProcess
wcstoul
_errno
wcsrchr
_wtoi
wcschr
iswspace
_wcsicmp
_wcsnicmp
_vscwprintf
DbgPrintEx
EtwUnregisterTraceGuids
NtQueryLicenseValue
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlSleepConditionVariableSRW

kernelbase

CreateProcessAsUserW

api-ms-win-core-windowserrorreporting-l1-1-0

WerGetFlags
GetApplicationRecoveryCallback

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
ObjectStublessClient6
ObjectStublessClient4
ObjectStublessClient5

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUnmarshalInterface
CoRevertToSelf
CoTaskMemFree
CoImpersonateClient

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetThreadContext

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
GetLongPathNameW
FindFirstFileW
ReadFile
SetFileAttributesW
CreateFileW
CompareFileTime
GetDriveTypeW
SetFilePointerEx
SetEndOfFile
FindNextFileW
WriteFile
FindClose
GetFinalPathNameByHandleW
GetFileAttributesW
CreateDirectoryW
GetLogicalDriveStringsW
DeleteFileW
FlushFileBuffers

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
AdjustTokenPrivileges
AdjustTokenGroups
ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateToken
IsValidSid

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32GetMappedFileNameW
K32EnumProcesses
K32EnumProcessModules
K32GetProcessImageFileNameW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
CreateFileMappingW
VirtualAllocEx
VirtualAlloc
ReadProcessMemory
VirtualQueryEx
VirtualFreeEx
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory

api-ms-win-core-processsnapshot-l1-1-0

PssQuerySnapshot
PssWalkMarkerCreate
PssWalkMarkerFree
PssFreeSnapshot
PssDuplicateSnapshot

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegGetKeySecurity
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
CreateToolhelp32Snapshot
Thread32Next
Thread32First
Process32FirstW
Module32FirstW
Module32NextW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

Exports

Exports

AddERExcludedApplicationA
AddERExcludedApplicationW
BasepReportFault
CancelHangReporting
CheckForReadOnlyResourceFilter
CheckPerUserCrossProcessThrottle
DllCanUnloadNow
DllGetClassObject
ReportCoreHang
ReportFault
ReportHang
UpdatePerUserLastCrossProcessCollectionTime
WerReportHang
WerpGetDebugger
WerpInitiateCrashReporting
WerpLaunchAeDebug

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2564ef0719dc33b355e6d5ffb437714e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b6:cc:d0:22:36:2c:1f:ce:50:d0:72:9e:d2:40:76:95:cc:93:bf:4e:71:82:06:55:c2:d9:f2:f0:be:94:b2:e6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-wow64-l1-1-1

ntdll

kernelbase

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processsnapshot-l1-1-0

api-ms-win-core-file-l1-2-4

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

Exports

Exports

Sections

.text Size: 295KB - Virtual size: 295KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 688B

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 18KB - Virtual size: 17KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b6:cc:d0:22:36:2c:1f:ce:50:d0:72:9e:d2:40:76:95:cc:93:bf:4e:71:82:06:55:c2:d9:f2:f0:be:94:b2:e6
Signer

.text
Size: 295KB - Virtual size: 295KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 688B

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 18KB - Virtual size: 17KB