e84ea4f2b74659a22073f74f05ac82d02c2c0a83a7127d190787f5e13f4970b3

Sharing

Copy URL

Twitter E-mail

General

Target

e84ea4f2b74659a22073f74f05ac82d02c2c0a83a7127d190787f5e13f4970b3
Size

869KB
MD5

87d94c79828744d5b230ffd25af2534b
SHA1

79c52969513ef6b339479a20b8583210a1535a9b
SHA256

e84ea4f2b74659a22073f74f05ac82d02c2c0a83a7127d190787f5e13f4970b3
SHA512

34ed1acdd7fc0529a33b33a8e6c6abbb148f0cdea726fefc65d7054793d9dcdb9e9721ebddeef48e4e84c25734d17af8ff017326640fc3d5a4bf5a2a4ac402d4
SSDEEP

24576:U6fy+z5rN622i56wF4l/QeecrPTsiMceJrOtDVTZ:Q+zp82V6wFyecrTvMHJKTd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e84ea4f2b74659a22073f74f05ac82d02c2c0a83a7127d190787f5e13f4970b3

Files

e84ea4f2b74659a22073f74f05ac82d02c2c0a83a7127d190787f5e13f4970b3
.exe windows:6 windows x86 arch:x86

173fa97e44dd4e3bb6088a4192da794b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project2\crash_report\build_crashpad\crashpad\out\x86_rel\crashpad_handler.pdb

Imports

kernel32

GetModuleFileNameW
GetFileInformationByHandleEx
GetCurrentProcess
RegisterWaitForSingleObject
GetQueuedCompletionStatus
WaitForSingleObject
DuplicateHandle
DisconnectNamedPipe
OpenProcess
PostQueuedCompletionStatus
CreateEventW
SetEvent
CreateThread
UnregisterWaitEx
CreateIoCompletionPort
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateFileW
GetVersion
TransactNamedPipe
WaitNamedPipeW
LoadLibraryW
GetProcAddress
FindClose
CloseHandle
TerminateProcess
ReleaseSemaphore
CreateSemaphoreW
ReadFile
GetFileSizeEx
GetStdHandle
WriteFile
SetEndOfFile
UnlockFileEx
SetFilePointerEx
LockFileEx
GetFileType
GetModuleHandleW
FormatMessageA
LocalFree
CreateDirectoryW
GetFileAttributesW
DeleteFileW
GetTimeZoneInformation
GetSystemInfo
IsProcessorFeaturePresent
VerSetConditionMask
VerifyVersionInfoW
GetProcessId
SuspendThread
ResumeThread
GetThreadContext
GetProcessTimes
GetSystemDefaultLCID
GetThreadLocale
GetUserDefaultLCID
GetPrivateProfileStringW
CreateProcessW
IsWow64Process
WriteProcessMemory
Sleep
VirtualAllocEx
ReadProcessMemory
SleepEx
IsDebuggerPresent
SizeofResource
MultiByteToWideChar
LockResource
GlobalAlloc
GlobalFree
FindResourceExW
IsDBCSLeadByte
LoadResource
FindResourceW
GlobalLock
lstrcpyW
GlobalUnlock
GetPrivateProfileSectionW
VirtualFree
VirtualAlloc
VirtualProtect
DeviceIoControl
CreateFileA
SetLastError
SwitchToThread
GetFullPathNameW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetCurrentProcessId
GetLocalTime
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
SetUnhandledExceptionFilter
GetProcessHeap
DeleteCriticalSection
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
HeapDestroy
InitializeCriticalSection
VirtualQueryEx
GetFileTime
RemoveDirectoryW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
InitializeSListHead
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
InitOnceExecuteOnce
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
SetProcessShutdownParameters
HeapFree
WideCharToMultiByte
SetConsoleCtrlHandler
LCMapStringEx
EncodePointer
QueryPerformanceCounter

advapi32

ImpersonateNamedPipeClient
RevertToSelf
BuildSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
SystemFunction036
RegOpenKeyExA

user32

UnregisterClassW
DestroyWindow
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
EnableWindow
DispatchMessageW
RegisterClassW
TranslateMessage
EndPaint
BeginPaint
InvalidateRect
LoadImageW
DialogBoxParamW
GetSysColorBrush
KillTimer
SetWindowLongW
CreateWindowExW
DrawIconEx
DrawTextW
GetDlgItem
GetClientRect
MapDialogRect
SetClipboardData
SendDlgItemMessageW
MapWindowPoints
SetDlgItemTextW
EmptyClipboard
CloseClipboard
ClientToScreen
SetTimer
OpenClipboard
GetWindowTextLengthW
EndDialog
GetWindowTextW
GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyMenu
RegisterClipboardFormatW
GetKeyState
CallWindowProcW
GetWindowRect
SetWindowPos
SendMessageW
SetWindowTextW
ShowWindow
IsWindow

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpConnect
WinHttpCrackUrl

powrprof

CallNtPowerInformation

ole32

CoTaskMemFree
CoCreateGuid
StringFromCLSID
OleInitialize
DoDragDrop
OleUninitialize

shlwapi

PathFileExistsW
PathRemoveFileSpecW

gdiplus

GdiplusStartup

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx

gdi32

DeleteObject
SetBkMode
SetTextColor
GetStockObject
CreateFontW
SelectObject

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysStringLen

shell32

ord155
SHGetFileInfoW
SHBindToParent
SHGetDesktopFolder
ShellExecuteW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

173fa97e44dd4e3bb6088a4192da794b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

winhttp

powrprof

ole32

shlwapi

gdiplus

comctl32

gdi32

oleaut32

shell32

version

Sections

.text Size: 578KB - Virtual size: 578KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 11KB - Virtual size: 15KB

CPADinfo Size: 512B - Virtual size: 40B

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 578KB - Virtual size: 578KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 11KB - Virtual size: 15KB

CPADinfo
Size: 512B - Virtual size: 40B

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 92KB - Virtual size: 96KB