RiotClientCrashHandler[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RiotClientCrashHandler.exe
Size

715KB
MD5

6bb6cd85ed3cf88e5e7541612d8190ff
SHA1

5c9ceaa8539580a8d1b7a94df35bee3256273cb8
SHA256

d1a9a77abe60e39a4a37aa9c307b8a6e314b48f66c82fc58ac0f1ae45a537edf
SHA512

fb1204378ce7d3dda409b3fc67abfba61a71cc40aabd18ad49b66c732757e599411a167c9f6fb34f26b9d0e6c1165693b8a85df9020a9b10214010e86ecb8256
SSDEEP

12288:vC/mNwUSiqPdf2EYD7B34BZmAq8ZO9k2AkH3OJiC7LsUmrtWaciXM+3dQfMvPET0:K/OfSi9hB3GXqlk2vOJiC7SrtWaciXMe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RiotClientCrashHandler.exe

Files

RiotClientCrashHandler.exe
.exe windows:6 windows x86 arch:x86

01fcfe8860519b7fa9c10e4e8a96c09d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\tmp\External\Libraries\sentry_native\X86-Public\crashpad_handler.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
ImpersonateNamedPipeClient
RevertToSelf
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction036

kernel32

SetUnhandledExceptionFilter
SetProcessShutdownParameters
SetConsoleCtrlHandler
VerSetConditionMask
GetStdHandle
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileType
LockFileEx
SetEndOfFile
UnlockFileEx
OutputDebugStringW
CloseHandle
RaiseException
GetLastError
SetLastError
AddVectoredExceptionHandler
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
Sleep
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
SuspendThread
ResumeThread
CreateProcessW
GetProcessId
GetThreadContext
OpenProcess
IsProcessorFeaturePresent
GetSystemInfo
GetLocalTime
GetVersion
FormatMessageW
VerifyVersionInfoW
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
FindClose
FindFirstFileExW
FindNextFileW
GetFileSizeEx
GetFileTime
ReadFile
RemoveDirectoryW
SetFilePointerEx
WriteFile
DuplicateHandle
RemoveVectoredExceptionHandler
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
QueryPerformanceCounter
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
VirtualQueryEx
ReadProcessMemory
UnregisterWaitEx
IsWow64Process
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageA
RegisterWaitForSingleObject
GetFileInformationByHandleEx
TerminateProcess
InitOnceExecuteOnce
LCMapStringEx
InitializeCriticalSectionEx
InitOnceComplete
InitOnceBeginInitialize
DecodePointer
WriteConsoleW
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
MultiByteToWideChar
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
EncodePointer
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW

powrprof

CallNtPowerInformation

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

Sections

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01fcfe8860519b7fa9c10e4e8a96c09d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

powrprof

user32

version

winhttp

Sections

.text Size: 547KB - Virtual size: 546KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 4KB - Virtual size: 9KB

CPADinfo Size: 512B - Virtual size: 40B

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 547KB - Virtual size: 546KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 4KB - Virtual size: 9KB

CPADinfo
Size: 512B - Virtual size: 40B

.reloc
Size: 22KB - Virtual size: 21KB