534c1c4ee33ae42c899b7e3a80bb04a73cede303df9c1fc7ebb2cd44ca0d06e3

Sharing

Copy URL

Twitter E-mail

General

Target

534c1c4ee33ae42c899b7e3a80bb04a73cede303df9c1fc7ebb2cd44ca0d06e3
Size

1.8MB
MD5

6767f8292814a48db7fa79e8572a324f
SHA1

715e23b45e99119c78ff807aab79a42e6fcbb7c4
SHA256

534c1c4ee33ae42c899b7e3a80bb04a73cede303df9c1fc7ebb2cd44ca0d06e3
SHA512

2e10cb8c689803740fabc9d37241433803fea49fc8e45842b447e477e8cc6b0d50337240978a7efaaae487b42bb28bfd8eac7ab5435182c982872154dbce6bcd
SSDEEP

49152:6hOlU5u6OuAH/MPfknCynORFaT4AyVqPf:MXmGynOfvVqPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
534c1c4ee33ae42c899b7e3a80bb04a73cede303df9c1fc7ebb2cd44ca0d06e3

Files

534c1c4ee33ae42c899b7e3a80bb04a73cede303df9c1fc7ebb2cd44ca0d06e3
.exe windows:5 windows x64 arch:x64

70fcb28383be83586e6b1fa1dfdb8728

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dev\lib\crashrpt_r4\bin\x64\CrashSender1403.pdb

Imports

psapi

GetProcessMemoryInfo

ws2_32

htons
htonl
connect
closesocket
ntohs
inet_addr
inet_ntoa
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
recv

dnsapi

DnsQuery_W
DnsFree

wininet

InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
InternetOpenW

rpcrt4

RpcStringFreeA
UuidToStringA

gdi32

GetDIBits
CreateDCW
SetViewportOrgEx
TextOutW
CreateHalftonePalette
GetDIBColorTable
CreateDIBSection
SetStretchBltMode
StretchBlt
SetDIBits
SelectPalette
SelectClipRgn
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetObjectW
Polygon
CreateSolidBrush
SetBkColor
BitBlt
CreateFontW
CreatePalette
CreateRectRgn
RealizePalette

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ExtractIconW
SHGetFileInfoW
Shell_NotifyIconW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
PeekNamedPipe
GetFileType
SetStdHandle
GetConsoleMode
ReadConsoleW
GetDriveTypeW
TlsFree
TlsSetValue
TlsGetValue
CloseHandle
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingW
OpenFileMappingW
FreeLibrary
GetProcAddress
GlobalAlloc
GlobalFree
GetLastError
DebugBreak
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FormatMessageW
lstrlenA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
FindNextFileA
GetConsoleCP
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WideCharToMultiByte
GetProcessTimes
OpenProcess
SetLastError
ReadProcessMemory
GetFileSizeEx
FindClose
GetSystemTime
FileTimeToSystemTime
GetFullPathNameW
CreateFileW
FindFirstFileW
FindNextFileW
CopyFileW
DecodePointer
RaiseException
GetCurrentThreadId
LoadResource
SizeofResource
MulDiv
lstrcmpW
lstrcmpiW
LoadLibraryExW
GetCommandLineW
FindResourceW
CompareStringW
GetVersionExW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateThread
GetFileInformationByHandle
WriteFile
ReadFile
CreateMutexW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSection
Sleep
GlobalLock
GlobalUnlock
GetTimeZoneInformation
LoadLibraryA
GetSystemDirectoryA
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
IsValidCodePage
EncodePointer
IsDebuggerPresent
SetFilePointerEx
FlushFileBuffers
SetConsoleCtrlHandler
FindFirstFileExA
GetPrivateProfileStringW
FindFirstFileExW
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
WaitForSingleObjectEx
WriteConsoleW
OutputDebugStringW
SetEndOfFile

user32

LoadMenuW
DestroyMenu
EnableMenuItem
GetSubMenu
DeleteMenu
TrackPopupMenu
SetMenuItemInfoW
SetWindowTextW
CheckMenuRadioItem
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
FlashWindow
DialogBoxParamW
EnableWindow
GetMenu
DrawIcon
DrawTextExW
AdjustWindowRectEx
MessageBoxW
CopyRect
LoadIconW
GetIconInfo
IsDialogMessageW
PostMessageW
SetProcessDefaultLayout
CharUpperW
SetTimer
KillTimer
DrawTextExA
SetScrollInfo
GetScrollInfo
AnimateWindow
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
IntersectRect
EnumWindows
GetWindowThreadProcessId
EnumDisplayMonitors
GetCursorInfo
PtInRect
OffsetRect
SetRectEmpty
GetActiveWindow
DrawFocusRect
GetSysColorBrush
GetSysColor
ScreenToClient
GetCursorPos
SetCursor
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
InvalidateRect
EndDialog
SystemParametersInfoW
LoadImageW
DestroyIcon
LoadCursorW
GetClassNameW
GetParent
GetDesktopWindow
EndPaint
BeginPaint
ReleaseDC
UpdateWindow
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
CreateDialogParamW
IsWindowVisible
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetGuiResources
LoadStringW
GetWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDC
CharNextW
MoveWindow
SetWindowLongPtrW
FillRect
GetWindowLongPtrW
SetWindowPos

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
LookupPrivilegeValueW

ole32

CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarR8FromStr
VarDateFromStr
VarUI4FromStr
VarDecFromStr
VarDecCmp
SysFreeString
VarI4FromStr

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove
_TrackMouseEvent

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70fcb28383be83586e6b1fa1dfdb8728

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ws2_32

dnsapi

wininet

rpcrt4

gdi32

shell32

comdlg32

version

kernel32

user32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 337KB - Virtual size: 336KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 51KB - Virtual size: 51KB

.gfids Size: 512B - Virtual size: 476B

.rsrc Size: 321KB - Virtual size: 321KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 337KB - Virtual size: 336KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 51KB - Virtual size: 51KB

.gfids
Size: 512B - Virtual size: 476B

.rsrc
Size: 321KB - Virtual size: 321KB

.reloc
Size: 4KB - Virtual size: 4KB