565bb1a88a156333d1dd617967ce4fddd5abbe75c2baef8c54194b534fcbce4dN

Sharing

Copy URL Twitter E-mail

General

Target

565bb1a88a156333d1dd617967ce4fddd5abbe75c2baef8c54194b534fcbce4dN
Size

2.2MB
MD5

fb3cdb208d301f2491d67e7741fdc5c0
SHA1

9f7d165e3e834b8f8765330e466b40b794e8891d
SHA256

565bb1a88a156333d1dd617967ce4fddd5abbe75c2baef8c54194b534fcbce4d
SHA512

9d5bafa4632d45f7c671ee87ad26a8623591785b1a2b552d0d7dac2320b09d0717596851287452f6a8ecf8c1e2ce11b64618d7a7b9c928f4a3072f1f32feb6da
SSDEEP

49152:nTcFAZs3mDjuA3QvXtQgSElYkmPM7TQkJ0UvqR3v30Ixa+Ij15c6axSU50X1fxbB:D63mDjuA3QvXtQgSd/neElYDR+lDpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
565bb1a88a156333d1dd617967ce4fddd5abbe75c2baef8c54194b534fcbce4dN

Files

565bb1a88a156333d1dd617967ce4fddd5abbe75c2baef8c54194b534fcbce4dN
.exe windows:5 windows x86 arch:x86

3093f79dd41de9312beef260744548ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Libs1\crashpad\crashpad\out\Release\crashpad_handler.exe.pdb

Imports

advapi32

ImpersonateNamedPipeClient
RevertToSelf
SystemFunction036

user32

UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

powrprof

CallNtPowerInformation

kernel32

SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetProcessHeap
HeapQueryInformation
HeapSize
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
OutputDebugStringA
GetCurrentThread
GetACP
GetModuleHandleExW
SetUnhandledExceptionFilter
SetProcessShutdownParameters
SetConsoleCtrlHandler
OutputDebugStringW
GetLastError
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetStdHandle
GetFileType
CloseHandle
RaiseException
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
Sleep
GetCurrentProcess
CreateThread
GetExitCodeThread
CreateProcessW
FlushInstructionCache
OpenProcess
WriteConsoleW
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetModuleFileNameW
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
GetFileInformationByHandleEx
SetLastError
IsWow64Process
GetModuleHandleW
FormatMessageA
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
GetNamedPipeInfo
InitializeCriticalSection
GetProcAddress
LoadLibraryW
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
TerminateProcess
ReleaseSemaphore
CreateSemaphoreW
GetProcessTimes
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
IsProcessorFeaturePresent
GetVersionExW
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetVersion
RtlUnwind
FreeLibrary
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
ExitProcess
ReadConsoleW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 299B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3093f79dd41de9312beef260744548ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

version

winhttp

powrprof

kernel32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 364KB - Virtual size: 364KB

.data Size: 8KB - Virtual size: 14KB

.idata Size: 7KB - Virtual size: 6KB

CPADinfo Size: 512B - Virtual size: 299B

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 600KB - Virtual size: 604KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 364KB - Virtual size: 364KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 7KB - Virtual size: 6KB

CPADinfo
Size: 512B - Virtual size: 299B

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 600KB - Virtual size: 604KB