65a07873d1b4a54f6ab977d256d8d46500192388c3f4cb688d172d0b5896c343

Sharing

Copy URL Twitter E-mail

General

Target

65a07873d1b4a54f6ab977d256d8d46500192388c3f4cb688d172d0b5896c343
Size

324KB
MD5

f82616311688252db2679cd423e19855
SHA1

d2f408af1bd6d9a547ed758550b61202d708d882
SHA256

65a07873d1b4a54f6ab977d256d8d46500192388c3f4cb688d172d0b5896c343
SHA512

8425f42641febfbb82030a008b8ec717cf3406a1e0ff8cfab8465898df5f4a04c8126a6f8759597f44701e9c6a54969256303c7f96bb6c00acefb63968504420
SSDEEP

6144:R01f3Z+JEVBMLct9tvl1XGF8ftCD9dSaBEDv244Ro8Kyd+OC:R01f30JNS9tfXGaS9TBEjdmZzAOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65a07873d1b4a54f6ab977d256d8d46500192388c3f4cb688d172d0b5896c343

Files

65a07873d1b4a54f6ab977d256d8d46500192388c3f4cb688d172d0b5896c343
.exe windows:5 windows x86 arch:x86

a973e1196f91d62e4f5ba8146cd24acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\b\build\slave\Win\build\src\out\Release\crash_service.exe.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW
HttpOpenRequestW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

kernel32

OutputDebugStringW
GetDriveTypeW
SetEnvironmentVariableA
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
CreateFileW
DeleteFileW
SetFilePointer
WriteFile
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetTickCount
GetModuleFileNameW
GetCommandLineW
LocalFree
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetCurrentProcess
CopyFileW
MoveFileExW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DuplicateHandle
RaiseException
Sleep
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
GetProcAddress
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnregisterWaitEx
RegisterWaitForSingleObject
GetOEMCP
SetEvent
ResetEvent
QueueUserWorkItem
LoadLibraryW
GetProcessTimes
OpenProcess
ReadProcessMemory
UnregisterWait
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InitializeCriticalSection
FreeLibrary
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetACP
IsValidCodePage
LoadLibraryExW
ReadConsoleW
GetTimeZoneInformation
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LoadLibraryExA
GetStringTypeW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapFree
GetConsoleCP
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetFileType
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
GetCPInfo
RtlUnwind

ole32

CoTaskMemFree

user32

CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
GetMessageW
UpdateWindow
TranslateMessage

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a973e1196f91d62e4f5ba8146cd24acd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

advapi32

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 254KB - Virtual size: 254KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 6KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 6KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 11KB - Virtual size: 10KB