Overview
overview
10
Static
static
3
BugSplat64.dll
windows7-x64
10
BugSplat64.dll
windows10-2004-x64
10
PO202501B.exe
windows7-x64
10
PO202501B.exe
windows10-2004-x64
10
vcruntime140.dll
windows7-x64
1
vcruntime140.dll
windows10-2004-x64
1
vcruntime140_1.dll
windows7-x64
1
vcruntime140_1.dll
windows10-2004-x64
1
vcruntime211.dll
windows7-x64
1
vcruntime211.dll
windows10-2004-x64
1
Static task
static1
Behavioral task
behavioral1
Sample
BugSplat64.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BugSplat64.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral3
Sample
PO202501B.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
PO202501B.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral5
Sample
vcruntime140.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
vcruntime140.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral7
Sample
vcruntime140_1.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
vcruntime140_1.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral9
Sample
vcruntime211.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
vcruntime211.dll
Resource
win10v2004-20250217-en
General
-
Target
26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2
-
Size
1.6MB
-
MD5
59119f37bec2cdea4b2777f4afe4a203
-
SHA1
1d073a3170c9f2425df56ca08e1a00ac2d526246
-
SHA256
26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2
-
SHA512
7c7e634aa7f27fe091de2e6da782e5ed462ad10eefa22794f017c838674f1ad84de7ebbaf91d492cb45600fe0d8abd84d850719963ca488835ab135c80504e5f
-
SSDEEP
24576:MQHwY+TNIkEvqdyZqJ4xJku/EA/Vx/uYgXht2CpX0kze+b8dTWIFUbcJ5K7ztPv0:3HJ+JXKxqGJkpIJyhrpp2TWIZJ5M9Mum
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/BugSplat64.dll
Files
-
26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2.zip
-
BugSplat64.dll.dll windows:6 windows x64 arch:x64
2b89be9363c52babc40e5eddb0706aa7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
AdjustTokenPrivileges
DeregisterEventSource
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
bcrypt
BCryptDestroyHash
BCryptDecrypt
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey
kernel32
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileW
CreatePipe
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfoExW
GetCalendarInfoEx
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserPreferredUILanguages
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
K32EnumProcesses
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadConsoleW
ReadFile
ResolveLocaleName
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadErrorMode
SetThreadPriority
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
SystemTimeToFileTime
TerminateProcess
TzSpecificLocalTimeToSystemTime
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
ResetEvent
InitializeCriticalSectionEx
SleepEx
DebugBreak
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
ole32
CoGetApartmentType
CoCreateGuid
CoTaskMemAlloc
CoWaitForMultipleHandles
CoUninitialize
CoTaskMemFree
CoInitializeEx
user32
LoadStringW
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
_callnewh
api-ms-win-crt-math-l1-1-0
modf
ceil
api-ms-win-crt-string-l1-1-0
strcmp
memset
strcpy_s
wcsncmp
_stricmp
strncpy_s
api-ms-win-crt-convert-l1-1-0
strtoull
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_execute_onexit_table
abort
_crt_atexit
_initterm
_cexit
_initialize_narrow_environment
_register_onexit_function
terminate
_initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
Exports
??0BugSplatImp@@QEAA@XZ
??0MiniDmpSender@@QEAA@AEBV0@@Z
??0MiniDmpSender@@QEAA@PEBD000K@Z
??0MiniDmpSender@@QEAA@PEBG000K@Z
??0MiniDmpSender@@QEAA@PEB_W000K@Z
??1MiniDmpSender@@UEAA@XZ
??4BugSplatImp@@QEAAAEAV0@AEBV0@@Z
??4MiniDmpSender@@QEAAAEAV0@AEBV0@@Z
??_7MiniDmpSender@@6B@
?CreateMiniDump@BugSplatImp@@QEAAHPEAUHINSTANCE__@@KPEAXKPEAU_EXCEPTION_POINTERS@@PEBDPEADK@Z
?DoFullMemoryDumpThenExit@BugSplatImp@@2_NA
?GetReducedGuid@BugSplatImp@@QEAAXPEADK@Z
?MiniDumpType@BugSplatImp@@2W4_MINIDUMP_TYPE@@A
?ReduceGuidString@BugSplatImp@@QEAAXPEADK@Z
?ResumeSuspendedThreads@BugSplatImp@@QEAAXXZ
?SetDbghelpFlags@MiniDmpSender@@QEAAXW4dbghelpFlags@1@@Z
?SuspendAllThreadsInProcess@BugSplatImp@@QEAAXPEAX@Z
?SuspendThreadsInCurrentProcess@BugSplatImp@@QEAAXXZ
?createReport@MiniDmpSender@@QEAAXPEAU_EXCEPTION_POINTERS@@@Z
?createReport@MiniDmpSender@@QEAAXPEBD@Z
?createReport@MiniDmpSender@@QEAAXPEB_W@Z
?createReport@MiniDmpSender@@QEAAXXZ
?createReportAndExit@MiniDmpSender@@QEAAXXZ
?enableExceptionFilter@MiniDmpSender@@QEAA_N_N@Z
?enableFullMemoryDumpAndExit@MiniDmpSender@@QEAA_N_N@Z
?getFlags@MiniDmpSender@@QEBAKXZ
?imp@MiniDmpSender@@QEAAPEAXXZ
?isExceptionFilterEnabled@MiniDmpSender@@QEBA_NXZ
?isFullMemoryDumpAndExitEnabled@MiniDmpSender@@QEBA_NXZ
?resetAppIdentifier@MiniDmpSender@@QEAAXPEBD@Z
?resetAppIdentifier@MiniDmpSender@@QEAAXPEB_W@Z
?resetVersionString@MiniDmpSender@@QEAAXPEBD@Z
?resetVersionString@MiniDmpSender@@QEAAXPEB_W@Z
?setCallback@MiniDmpSender@@QEAAXP6A_NIPEAX0@Z@Z
?setDefaultUserEmail@MiniDmpSender@@QEAAXPEBD@Z
?setDefaultUserEmail@MiniDmpSender@@QEAAXPEBG@Z
?setDefaultUserEmail@MiniDmpSender@@QEAAXPEB_W@Z
?setDefaultUserName@MiniDmpSender@@QEAAXPEBD@Z
?setDefaultUserName@MiniDmpSender@@QEAAXPEBG@Z
?setDefaultUserName@MiniDmpSender@@QEAAXPEB_W@Z
?setFlags@MiniDmpSender@@QEAA_NK@Z
?setUserZipPath@MiniDmpSender@@QEAAXPEBD@Z
?setUserZipPath@MiniDmpSender@@QEAAXPEBG@Z
?setUserZipPath@MiniDmpSender@@QEAAXPEB_W@Z
?storeUserLog@MiniDmpSender@@QEAAXPEBD@Z
?storeUserLog@MiniDmpSender@@QEAAXPEB_W@Z
?unhandledExceptionHandler@MiniDmpSender@@QEAAJPEAU_EXCEPTION_POINTERS@@@Z
CreateMiniDmpSender
DestroyMiniDmpSender
MDSGetFlags
MDSResetAppIdentifier
MDSResetVersionString
MDSSetFlags
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 783KB - Virtual size: 783KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PO202501B.exe.exe windows:6 windows x64 arch:x64
e8db4ac21fda256a31e6fbda49d9dc94
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21/12/2012, 00:00
Not After
30/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
18/10/2012, 00:00
Not After
29/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:01
Certificate
Issuer
OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US
Not Before
16/11/2006, 01:54
Not After
16/11/2026, 01:54
Subject
SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
07:ff:9e:4e:18:62:cf
Certificate
Issuer
SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
Not Before
02/06/2012, 14:14
Not After
29/05/2015, 16:45
Subject
CN=BugSplat LLC,O=BugSplat LLC,L=Henniker,ST=NH,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:d7:77:2f:60:1b:ea:1b:70:6e:51:c0:ff:a2:c4:99:2f:08:7d:50
Signer
Actual PE Digest
33:d7:77:2f:60:1b:ea:1b:70:6e:51:c0:ff:a2:c4:99:2f:08:7d:50
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\www\src\BugSplat\bin64\BugSplatHD64.pdb
Imports
kernel32
GetCurrentDirectoryA
SetCurrentDirectoryA
UnmapViewOfFile
OpenProcess
CloseHandle
GetLastError
Sleep
GetCurrentThread
TerminateProcess
MapViewOfFile
WritePrivateProfileStringA
CreateProcessA
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
CreateFileMappingA
GetFileInformationByHandle
CreateFileA
WideCharToMultiByte
GetACP
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
FreeLibrary
GetTempPathA
LoadLibraryA
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
HeapAlloc
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
DeleteFileW
HeapSize
GetStdHandle
GetFileType
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
FlushFileBuffers
user32
LoadStringA
SendMessageTimeoutA
GetWindowThreadProcessId
GetTopWindow
MessageBoxA
GetWindow
advapi32
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateSelf
bugsplat64
??1MiniDmpSender@@UEAA@XZ
??0BugSplatImp@@QEAA@XZ
?SuspendAllThreadsInProcess@BugSplatImp@@QEAAXPEAX@Z
??0MiniDmpSender@@QEAA@PEBD000K@Z
?CreateMiniDump@BugSplatImp@@QEAAHPEAUHINSTANCE__@@KPEAXKPEAU_EXCEPTION_POINTERS@@PEBDPEADK@Z
psapi
GetModuleBaseNameA
shlwapi
PathAppendA
PathFileExistsA
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime140.dll.dll windows:6 windows x64 arch:x64
2cb5da5225e972a08f32d04b8085dc7e
Code Sign
33:00:00:01:20:f3:38:df:c7:9e:ae:32:ec:00:00:00:00:01:20
Certificate
Issuer
CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
24/10/2018, 21:07
Not After
10/01/2020, 21:07
Subject
CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:2264-E33E-780C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:16:68:34:00:00:00:00:00:1c
Certificate
Issuer
CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before
03/04/2007, 12:53
Not After
03/04/2021, 13:03
Subject
CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:13:be:32:bd:96:8e:c9:a6:3a:bb:fe:39:c5:c7:f1:87:49:2c:bf:1f:f1:e1:cf:20:f6:c6:d4:c6:3d:f2:fd
Signer
Actual PE Digest
ec:13:be:32:bd:96:8e:c9:a6:3a:bb:fe:39:c5:c7:f1:87:49:2c:bf:1f:f1:e1:cf:20:f6:c6:d4:c6:3d:f2:fd
Digest Algorithm
sha256
PE Digest Matches
true
60:4b:77:c5:fd:0e:cc:62:0a:f4:be:c2:85:39:b6:25:a0:7b:19:71
Signer
Actual PE Digest
60:4b:77:c5:fd:0e:cc:62:0a:f4:be:c2:85:39:b6:25:a0:7b:19:71
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
abort
terminate
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-convert-l1-1-0
atol
kernel32
GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
Exports
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime140_1.dll.dll windows:6 windows x64 arch:x64
451bdabc0299e6b9dc317480ef12c3dc
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:6b:39:d4:75:51:9f:0d:ef:8a:84:ee:ff:d7:a8:0d:10:41:16:92:87:33:5a:44:03:4f:8a:65:77:09:d8:17
Signer
Actual PE Digest
13:6b:39:d4:75:51:9f:0d:ef:8a:84:ee:ff:d7:a8:0d:10:41:16:92:87:33:5a:44:03:4f:8a:65:77:09:d8:17
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
abort
terminate
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
vcruntime140
__processing_throw
__C_specific_handler
memmove
__current_exception
kernel32
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
RaiseException
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
SetLastError
TlsAlloc
Exports
__CxxFrameHandler4
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime211.dll