Faultrep[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Faultrep.dll
Size

378KB
MD5

adc0c54c30ebdcf959be07a3270d7a6a
SHA1

6e38c86e0d86cb56085ac3b6323238234d86778e
SHA256

c9fae3b5c3424c80705347cc400b5d09b8aef1bb3f1ff3edff69e2d5a75363a4
SHA512

e3092342e6033b92843cba6f0254ec6bf85d0f33386c5f8c8345d445400e16794205aaea2b02bdcaf7f163c7fbcaf81ab2c187405e6ade282d6bc380ea611d3c
SSDEEP

6144:EjrlSAIkzEXBCk7zI2n6KxnYEqdTTVr50dhyZoVpZRE0maNVJyB60OHyLC7vD:qrlSAIkzSzI2nf9FuVlc9DnmCc2HywL

Score

1^/10

Malware Config

Signatures

Files

Faultrep.dll
.dll windows:10 windows x86 arch:x86

2fb27a027e8fdc5d0cbd02f577ffd23e

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:19:b5:06:54:e8:38:a3:c6:5f:ae:56:81:3c:84:83:3a:49:73:81:9d:95:5c:7f:cc:dc:11:25:dc:e7:90:97
Signer

Actual PE Digest

25:19:b5:06:54:e8:38:a3:c6:5f:ae:56:81:3c:84:83:3a:49:73:81:9d:95:5c:7f:cc:dc:11:25:dc:e7:90:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FaultRep.pdb

Imports

msvcrt

_purecall
rand_s
??1exception@@UAE@XZ
__CxxFrameHandler3
memcpy_s
_except_handler4_common
_lock
??1type_info@@UAE@XZ
_vsnwprintf
_callnewh
_unlock
malloc
memmove
_amsg_exit
srand
time
rand
_XcptFilter
printf
?terminate@@YAXXZ
_onexit
__dllonexit
realloc
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
_initterm
_CxxThrowException
??0exception@@QAE@XZ
_local_unwind4
memcmp
memcpy
free
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
FreeLibraryAndExitThread
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

OpenMutexW
CreateSemaphoreExW
ResetEvent
CreateMutexW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateEventW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore
OpenEventW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessW
OpenProcessToken
CreateRemoteThread
GetThreadId
CreateThread
GetProcessTimes
GetExitCodeThread
OpenThread
GetProcessId
GetThreadPriority
GetCurrentProcessId
TerminateProcess
DeleteProcThreadAttributeList
GetCurrentThread
UpdateProcThreadAttribute
SetThreadPriority
GetCurrentThreadId
GetCurrentProcess
InitializeProcThreadAttributeList

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW
GetSystemWow64Directory2W
IsWow64Process2

ntdll

RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
wcscpy_s
NtCreateFile
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlAdjustPrivilege
_wcstoui64
DbgPrint
isspace
RtlSetThreadErrorMode
RtlFreeHeap
RtlAllocateHeap
tolower
memmove_s
RtlNtStatusToDosError
RtlDecodeSystemPointer
NtClearEvent
NtWaitForMultipleObjects
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlGetNtSystemRoot
RtlDetermineDosPathNameType_U
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
wcsstr
RtlReleasePebLock
wcsncmp
RtlTryAcquirePebLock
RtlGetUnloadEventTraceEx
ZwQueryInformationThread
EtwCheckCoverage
NtSetInformationProcess
towlower
NtResumeProcess
NtSuspendThread
NtResumeThread
NtSuspendProcess
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid
ShipAssert
NtSetSystemInformation
RtlWakeAllConditionVariable
PssNtFreeSnapshot
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtQuerySystemInformation
NtOpenEvent
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlQueryResourcePolicy
NtOpenProcess
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtQueryLicenseValue
NtQueryInformationThread
RtlImageNtHeaderEx
NtQueryEvent
NtSetInformationFile
RtlSecondsSince1970ToTime
swprintf_s
wcscat_s
wcsncpy_s
RtlCompareMemory
NtSystemDebugControl
RtlWerpReportException
RtlCreateProcessReflection
PssNtCaptureSnapshot
NtClose
wcsrchr
NtQueryInformationProcess
_wtoi
wcschr
iswspace
_wcsicmp
_wcsnicmp
_vscwprintf
DbgPrintEx
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlSleepConditionVariableSRW

kernelbase

CreateProcessAsUserW

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

dbghelp

MiniDumpWriteDump

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRecoveryCallback
WerGetFlags

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
UuidToStringW
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
UuidCreate
CStdStubBuffer_AddRef
RpcStringFreeW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient5
ObjectStublessClient3
ObjectStublessClient4

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemAlloc
CoImpersonateClient
CoUninitialize
CoRevertToSelf
CoSetProxyBlanket
CoGetMalloc
CoUnmarshalInterface
CoTaskMemFree
CoCreateInstance

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetThreadContext

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
GetDriveTypeW
QueryDosDeviceW
GetLogicalDriveStringsW
GetFinalPathNameByHandleW
GetFileAttributesW
SetFileAttributesW
FlushFileBuffers
SetFilePointerEx
DeleteFileW
FindFirstFileW
FindClose
GetTempFileNameW
CreateDirectoryW
GetLongPathNameW
SetEndOfFile
FindNextFileW
CreateFileW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetLengthSid
AdjustTokenPrivileges
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount
CopySid
RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
CheckTokenMembership
FreeSid
CreateWellKnownSid
IsValidSid

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW
K32EnumProcessModules
K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-memory-l1-1-0

VirtualFreeEx
MapViewOfFile
VirtualAllocEx
UnmapViewOfFile
VirtualQuery
VirtualAlloc
WriteProcessMemory
VirtualQueryEx
VirtualFree
CreateFileMappingW
ReadProcessMemory

api-ms-win-core-processsnapshot-l1-1-0

PssWalkMarkerFree
PssQuerySnapshot
PssDuplicateSnapshot
PssWalkMarkerCreate
PssFreeSnapshot

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegGetKeySecurity
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetKeySecurity
RegGetValueW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-controller-l1-1-0

StartTraceW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-registry-l2-1-0

RegDeleteKeyA
RegDeleteKeyW

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Thread32First
Thread32Next
Module32FirstW
Module32NextW
Process32NextW
Process32FirstW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-security-trustee-l1-1-0

BuildSecurityDescriptorW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

Exports

Exports

AddERExcludedApplicationA
AddERExcludedApplicationW
BasepReportFault
CancelHangReporting
CheckForReadOnlyResourceFilter
CheckPerUserCrossProcessThrottle
DllCanUnloadNow
DllGetClassObject
ReportCoreHang
ReportFault
ReportHang
UpdatePerUserLastCrossProcessCollectionTime
WerReportHang
WerpGetDebugger
WerpInitiateCrashReporting
WerpLaunchAeDebug

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fb27a027e8fdc5d0cbd02f577ffd23e

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

25:19:b5:06:54:e8:38:a3:c6:5f:ae:56:81:3c:84:83:3a:49:73:81:9d:95:5c:7f:cc:dc:11:25:dc:e7:90:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-wow64-l1-1-1

ntdll

kernelbase

api-ms-win-service-private-l1-1-0

dbghelp

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processsnapshot-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-security-trustee-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.data Size: 2KB - Virtual size: 3KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

25:19:b5:06:54:e8:38:a3:c6:5f:ae:56:81:3c:84:83:3a:49:73:81:9d:95:5c:7f:cc:dc:11:25:dc:e7:90:97
Signer

.text
Size: 256KB - Virtual size: 255KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 14KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 456B

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 16KB - Virtual size: 15KB