Extended Key Usages
ExtKeyUsageCodeSigning
Static task: static1
Target: WerFault.exe
Size: 564KB
MD5: 26c84a467b489a0e60f3720ae5b064dc
SHA1: 74a37701f7d4c9d899a857546c3410d650a72eb3
SHA256: 9a0064029ce405645241c3eaba297f6c8a554e2e899ee7e3ddfa5341b5768475
SHA512: 1a9e7ff6409ccec733fa80dbd7250b4fd5687517b7652150fa85e383e503c7f5d1bf5d4bb0216247e86525fa546502cd340a4f51eaaf93e5775ec209e1c81a17
SSDEEP: 12288:Oc8m9ougNRVwwIBYwKNkYEAmVHQOivk4Ec2Hywb:HuvfkVOOivk4Ecyhb
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
WerFault.pdb
memcpy
memmove
realloc
__setusermatherr
wcsncpy_s
_CxxThrowException
swprintf_s
_initterm
_fmode
memcmp
wcscat_s
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
wcscmp
_callnewh
wcscpy_s
towlower
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
isspace
tolower
_purecall
_wtoi64
wcsstr
wcsncmp
memmove_s
__C_specific_handler
toupper
_wcstoui64
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_snwscanf_s
wcsrchr
_wtoi
wcspbrk
wcschr
iswspace
_wcsicmp
_wcsnicmp
_vscwprintf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_cexit
_vsnwprintf
_exit
__CxxFrameHandler3
CryptAcquireContextW
CryptReleaseContext
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetProcAddress
FreeLibraryAndExitThread
GetModuleHandleW
LoadLibraryExW
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
CreateSemaphoreExW
InitializeSRWLock
InitializeCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
OpenEventW
WaitForSingleObjectEx
EnterCriticalSection
ResetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateMutexW
SetEvent
AcquireSRWLockShared
CreateEventW
WaitForSingleObject
OpenMutexW
OpenSemaphoreW
CreateMutexExW
HeapFree
HeapAlloc
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
CreateThread
GetThreadId
OpenProcessToken
GetProcessTimes
CreateProcessW
GetCurrentThreadId
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThread
GetThreadPriority
GetCurrentProcess
GetProcessId
SetThreadPriority
GetExitCodeThread
GetPriorityClass
SetPriorityClass
LCMapStringW
GetSystemDefaultLangID
GetUserGeoID
GetThreadUILanguage
FormatMessageW
OutputDebugStringW
DebugBreak
IsDebuggerPresent
DuplicateHandle
CloseHandle
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
EventUnregister
EventSetInformation
EventProviderEnabled
EventWriteTransfer
EventWrite
EventRegister
WakeByAddressSingle
WaitOnAddress
Sleep
InitOnceBeginInitialize
InitOnceComplete
RtlVirtualUnwind
RtlCompareMemory
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount64
GetSystemInfo
GetVersionExW
GlobalMemoryStatusEx
GetTickCount
MultiByteToWideChar
CompareStringW
GetStringTypeExW
LocalAlloc
LocalFree
IsWow64Process2
GetSystemWow64DirectoryW
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CoUnmarshalInterface
CoUninitialize
CoSetProxyBlanket
SysFreeString
SysAllocStringLen
GetSidSubAuthority
EqualSid
GetSidSubAuthorityCount
GetTokenInformation
CreateWellKnownSid
IsValidSid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CopySid
GetLengthSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetKernelObjectSecurity
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
CreateDirectoryW
GetLogicalDriveStringsW
GetFileAttributesW
QueryDosDeviceW
GetDriveTypeW
SetFileAttributesW
GetDiskFreeSpaceExW
GetFinalPathNameByHandleW
GetTempFileNameW
GetFileSize
DeleteFileW
FindFirstFileW
WriteFile
ReadFile
FindClose
GetLongPathNameW
FindNextFileW
CompareFileTime
FileTimeToLocalFileTime
GetFileAttributesExW
SetFileInformationByHandle
CreateFileW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
VirtualQuery
ReadProcessMemory
VirtualQueryEx
VirtualAlloc
VirtualFree
RegEnumValueW
RegSetKeySecurity
RegCloseKey
RegGetKeySecurity
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteTreeW
K32GetModuleFileNameExW
K32EnumProcessModules
QueryFullProcessImageNameW
GetNativeSystemInfo
GetProductInfo
SetProcessMitigationPolicy
GetThreadContext
OpenProcess
GetThreadTimes
StartServiceW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
FileTimeToSystemTime
GetCommandLineW
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTempPathW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
SetEntriesInAclW
GetUserDefaultUILanguage
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlSecondsSince1970ToTime
EtwUnregisterTraceGuids
NtQueryInformationToken
NtQueryInformationThread
NtQueryInformationProcess
RtlInitUnicodeString
RtlNtStatusToDosError
RtlImageNtHeaderEx
RtlGetVersion
NtOpenEvent
NtQueryEvent
NtClose
NtQuerySystemInformation
NtQueryLicenseValue
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSetSystemInformation
RtlAdjustPrivilege
RtlGetUnloadEventTraceEx
RtlSetThreadErrorMode
PssNtCaptureSnapshot
DbgPrint
ZwQueryInformationThread
NtQueryObject
RtlAllocateHeap
DbgPrintEx
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtCreateFile
NtSuspendProcess
NtResumeProcess
RtlCreateProcessReflection
NtSystemDebugControl
NtPowerInformation
RtlFreeHeap
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
NtWaitForSingleObject
RtlAllocateAndInitializeSid
WerpSetExitListeners
WerpCreateMachineStore
WerpAddTerminationReason
WerpValidateReportKey
WerpGetStorePath
RegisterWaitChainCOMCallback
OpenThreadWaitChainSession
GetThreadWaitChain
CloseThreadWaitChainSession
WerpAuxmdFree
WerpFreeUnmappedVaRanges
WerpFlushImageCache
WerpForceDeferredCollection
WerpTraceSnapshotStatistics
WerpTraceAuxMemDumpStatistics
WerpTraceUnmappedVaRangesStatistics
WerpTraceImageCacheStatistics
WerpResetTransientImageCacheStatistics
WerpStitchedMinidumpVmQueryCallback
WerpStitchedMinidumpVmPreReadCallback
WerpStitchedMinidumpVmPostReadCallback
WerpGetReportFlags
WerpSetReportFlags
WerReportSetUIOption
WerpIsTransportAvailable
WerpRestartApplication
WerpAuxmdInitialize
WerpAuxmdDumpProcessImages
WerpAuxmdDumpRegisteredBlocks
WerpAuxmdFreeCopyBuffer
WerpAuxmdHashVaRanges
WerpAuxmdMapFile
WerpInitializeImageCache
WerpUnmapProcessViews
WerpAddFile
WerpSetReportNamespaceParameter
WerpReportCancel
WerpCreateIntegratorReportId
WerpFreeString
WerpSetTelemetryAppParams
WerpSetProcessTimelines
WerReportCreate
WerpReportSprintfParameter
WerpSetTelemetryKernelParams
WerpSetIptEnabled
WerpPromptUser
WerpSetTtdStatus
WerReportAddFile
WerpReserveMachineQueueReportDir
WerpGetReportId
WerpSetCallBack
WerpSetReportIsFatal
WerReportSubmit
WerpGetNumFiles
WerpGetFileByIndex
WerpAddAppCompatData
WerReportAddDump
WerpAddRegisteredDataToReport
WerpGetExtendedDiagData
WerpAddMemoryBlock
WerReportCloseHandle
WerpSetDynamicParameter
WerReportSetParameter
WerpSetEventName
WerpHashApplicationParameters
WerpSetReportApplicationIdentity
WerpSetIntegratorReportId
IsOS
SymInitialize
StackWalk64
SymGetModuleInfoW64
SymGetModuleBase64
SymCleanup
SymFunctionTableAccess64
MiniDumpWriteDump
CoGetCallState
CoGetActivationState
WerGetFlags
GetApplicationRestartSettings
I_QueryTagInformation
ApiSetQueryApiSetPresence
ResolveDelayLoadedAPI
DelayLoadFailureHook
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
IsWow64Process
WaitForMultipleObjects
CheckRemoteDebuggerPresent
QueryUnbiasedInterruptTime
PssQuerySnapshot
PssDuplicateSnapshot
PssWalkMarkerCreate
PssWalkMarkerFree
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
LoadLibraryW
StopTraceW
StartTraceW
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCreateHash
UuidToStringW
RpcStringFreeW
UuidCreate
MoveFileExW
RegSetKeyValueW
QueryTraceW
EnableTrace
RegDeleteKeyA
RegOpenKeyW
RegDeleteKeyW
Thread32Next
Thread32First
Process32FirstW
Module32NextW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetProcessIoCounters
CommandLineToArgvW
StrStrIW
BuildSecurityDescriptorW
WerpInitiateCrashReporting
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ