CrystalUI[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CrystalUI.exe
Size

102KB
MD5

5d7d819f6da5e2a66a48a01a71df3bcd
SHA1

dbeea879d9154a595a18eda7a2ca53769cefe96a
SHA256

6792e231dfb9077895f8f17967ac426e0f657cfa144804122915ee6f326cb4d7
SHA512

7704dcb4979ea21b4bc8b7a884a08b33f2bc5fb404350b7d6e5812eaa3fcb7c8a92797fb75c34a48d674ab086febc06eb2d347132fd0f7a715c669842c80271b
SSDEEP

3072:1HAgF5OurmuYBlUKhuV1VgIG0EebXEJo1ClT:ZR/FmuYBeKhMlG0EebXEJo0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CrystalUI.exe

Files

CrystalUI.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

"77n$x
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ