f680e89a82dbc99b1a12ed36ec0575b34065ae440cc6547591f507dea01242cd

Sharing

Copy URL Twitter E-mail

General

Target

f680e89a82dbc99b1a12ed36ec0575b34065ae440cc6547591f507dea01242cd
Size

301KB
MD5

a4fba545b1790372fe17659cededd7a4
SHA1

20186525ff682e0da3142f8b388cd73c74c97e5d
SHA256

f680e89a82dbc99b1a12ed36ec0575b34065ae440cc6547591f507dea01242cd
SHA512

fba8306aeeaccbd9029d981d29649295cbb1802cda8a25317e2c8397121026daa1590037607095d2b16b5a724ee4e1c28a464261c7fcf3bbeaaec2a42ac7a26c
SSDEEP

6144:4y1dzSi9qG2XcBHZnri89XqiWvZyHCFqtI:4y1dzHUXcBHNrtxqV+CF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f680e89a82dbc99b1a12ed36ec0575b34065ae440cc6547591f507dea01242cd

Files

f680e89a82dbc99b1a12ed36ec0575b34065ae440cc6547591f507dea01242cd
.dll windows:6 windows x86 arch:x86

c01e60a4877e2219839daf22ee47977d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\projects_jenkins_v12.20\msl\merror\build\win32\Release_Win32_vc14.0\crashlogdll_win32.pdb

Imports

dbghelp

SymGetLineFromAddr64
SymSetOptions
SymCleanup
SymSetSearchPath
SymGetSearchPath
SymInitialize
StackWalk64
SymGetSymFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymFunctionTableAccess64

errorlog

_MErrLog_Add
_MErrLog_Location

kernel32

TlsGetValue
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
OutputDebugStringA
VirtualProtect
GetFullPathNameA
CloseHandle
SetUnhandledExceptionFilter
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetCurrentThread
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
CreateToolhelp32Snapshot
Module32First
Module32Next
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
CreateFileW
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler

Exports

Exports

?CrashLogDLL_ExceptionStacktrace@@YAXPAU_EXCEPTION_POINTERS@@@Z
?InitCrashLogger@CrashLogDLL@@CAXXZ

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01e60a4877e2219839daf22ee47977d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

errorlog

kernel32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 556B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 556B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB