ActivitiesCacheParser[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ActivitiesCacheParser.exe
Size

3.5MB
MD5

87e66550fc430fa960760ff17d2ef3b9
SHA1

937070cba8417990c122bf1090736402519ae2cb
SHA256

a342f9216ec4f9f52c4ed1e713c316cec52b23deb97bb8f6d968ba51d3d31577
SHA512

0153afd4d96fe50617b41401d82d8a083ea90c005e64246af6d6196d559e5c241cc2208467a9327b4c3269ff289ad958deaa0fea82d2b27815cf8bda781d1b9d
SSDEEP

49152:MOjPWh7TKuk2ihIU6iJGzJqaOcwMtF1Lcf4XkmPaeqvXclTvyj0DOh5Pn4LpriPf:PW+uxLWemXDcrLo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActivitiesCacheParser.exe

Files

ActivitiesCacheParser.exe
.exe windows:6 windows x64 arch:x64

da741836b9de52d49c9e63da9a10dd6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\source\repos\ActivitiesCache Parser\x64\Release\ActivitiesCache Parser.pdb

Imports

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
AreFileApisANSI
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
RaiseException
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetFileInformationByHandleEx
ReadFile
GetSystemTime
GetFileType
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetCurrentProcessId
GetProcAddress
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileSizeEx
CreateFileMappingA
LoadLibraryW
CloseHandle
ReadConsoleW
GetConsoleMode
MultiByteToWideChar
CreateFileW
FindClose
SetConsoleMode
GetStdHandle
GetCurrentProcess
FindFirstFileW
LoadLibraryA
QueryPerformanceFrequency
GetEnvironmentVariableW
GetModuleHandleW
SetLastError
SwitchToThread
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
RtlVirtualUnwind
DeleteFiber
FindFirstFileExW
GetLocaleInfoEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
ReadConsoleA
FindNextFileW
ConvertFiberToThread

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertNameToStrA
CertFreeCertificateContext

advapi32

CryptGetUserKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW

ws2_32

WSAGetLastError
WSACleanup
recv
send
WSASetLastError
closesocket

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

bcrypt

BCryptGenRandom

vcruntime140

strstr
_CxxThrowException
strchr
__intrinsic_setjmp
__C_specific_handler
__current_exception_context
__current_exception
wcsstr
memchr
memmove
longjmp
memcmp
strrchr
memcpy
memset
__std_terminate
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
raise
exit
strerror_s
_errno
_invalid_parameter_noinfo_noreturn
_wassert
_exit
signal
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
system
_get_initial_narrow_environment
_initterm
_initterm_e
abort
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_endthreadex

api-ms-win-crt-stdio-l1-1-0

_read
fclose
__acrt_iob_func
fflush
fseek
_set_fmode
fgetc
getc
ferror
__stdio_common_vfprintf
clearerr
fopen
_setmode
fgets
_sopen_s
_filelength
_close
_wfopen
_get_stream_buffer_pointers
ftell
_fseeki64
fsetpos
ungetc
_fileno
fgetpos
fputc
fwrite
feof
__stdio_common_vswprintf
__stdio_common_vsprintf
__p__commode
__stdio_common_vsscanf
fread
fputs
setvbuf

api-ms-win-crt-string-l1-1-0

isdigit
isxdigit
strcspn
strspn
isprint
strncmp
_strnicmp
_stricmp
strncpy
strcmp
isspace
tolower
_strdup
strnlen

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_stat64i32

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
strtod
_strtoi64
strtoull
strtoll
atof

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh
realloc
calloc
_msize

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_mkgmtime64
_localtime64_s
strftime
_gmtime64_s
_time64
_localtime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-math-l1-1-0

__setusermatherr
log2
pow
_dclass
ceilf
_isnan

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da741836b9de52d49c9e63da9a10dd6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

crypt32

advapi32

ws2_32

msvcp140

wintrust

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

user32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 708KB - Virtual size: 708KB

.data Size: 91KB - Virtual size: 139KB

.pdata Size: 104KB - Virtual size: 103KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 708KB - Virtual size: 708KB

.data
Size: 91KB - Virtual size: 139KB

.pdata
Size: 104KB - Virtual size: 103KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 24KB - Virtual size: 23KB