crashpad_handler[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

crashpad_handler.exe
Size

615KB
MD5

9f12b93fbe757f35df3cb953a52c593f
SHA1

74e3808a94a78ccecdee9cb8b02eb0ee23ac9a81
SHA256

d7fdaa84062bd7594fc5fc9a9eef37afe07f25a6c2e332e88bac1b35becb4c81
SHA512

798b46eb29f0d3f849ee1c57ed16ebd0d4fa63f9ba10edefa8a26683b5baf43afe2213f46e5da4ce391af56fb3310c89e938f48738168c48dd0718494eaef203
SSDEEP

12288:PWHL42mwBOrsD7AVFO5rxLEuuOdfj/Tua/rRe408RIE:OUzwBUsD7AVFO5rxLEuuOdfj/Tua/9ep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
crashpad_handler.exe

Files

crashpad_handler.exe
.exe windows:6 windows x64 arch:x64

19bcb8354e5abf8c3f5de27c09521c5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

CallNtPowerInformation

user32

SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RevertToSelf
ImpersonateNamedPipeClient
SystemFunction036

kernel32

CreateProcessW
Sleep
SleepEx
GetFileAttributesW
DeleteFileW
FindFirstFileExW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitOnceExecuteOnce
DeleteCriticalSection
FindNextFileW
GetFileTime
RemoveDirectoryW
InitializeCriticalSection
CreateDirectoryW
CloseHandle
SetUnhandledExceptionFilter
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetProcessTimes
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
Wow64GetThreadContext
IsProcessorFeaturePresent
GetSystemInfo
GetVersionExW
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetModuleFileNameW
DuplicateHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcess
TerminateProcess
CreateThread
OpenProcess
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileInformationByHandleEx
SetLastError
IsWow64Process
GetModuleHandleW
FormatMessageA
VirtualQueryEx
ReadProcessMemory
GetSystemTimeAsFileTime
FindClose
GetProcAddress
LoadLibraryW
CreateFileW
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetVersion
ReleaseSemaphore
CreateSemaphoreW
GetStdHandle
GetFileType
LockFileEx
ReadFile
SetEndOfFile
SetFilePointerEx
UnlockFileEx
WriteFile
LocalFree
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flags@ios_base@std@@QEBAHXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Xbad_alloc@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__std_exception_copy
__std_terminate
__C_specific_handler
strchr
_purecall
memset
memmove
memcpy
memcmp
__CxxFrameHandler3
memchr

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
signal
__p___wargv
_invalid_parameter_noinfo_noreturn
terminate
_initialize_wide_environment
__p___argc
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
abort
_c_exit
_get_wide_winmain_command_line
_exit
exit
_initterm_e
_initterm
_errno
_cexit

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsprintf_p
__p__commode
__acrt_iob_func
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strnlen
wcsncmp
tolower
wcsnlen
strncmp
_wcsicmp
isspace

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dtest

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wstat64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19bcb8354e5abf8c3f5de27c09521c5d

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

user32

version

winhttp

advapi32

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 397KB - Virtual size: 396KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 8KB - Virtual size: 9KB

.pdata Size: 22KB - Virtual size: 21KB

CPADinfo Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 397KB - Virtual size: 396KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 8KB - Virtual size: 9KB

.pdata
Size: 22KB - Virtual size: 21KB

CPADinfo
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB