02e8a01d6f45a8ee3044d82279d5fb28
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2021-Sep-22 18:20:43 |
| Detected languages |
English - United States
|
| Debug artifacts |
W:\Work2\Common\CrashRpt_v.1.4.3_r1645\x64\Release\CrashSender1403.pdb
|
| FileDescription | Crash Report Delivery Module |
| FileVersion | 1.4.0.3 |
| InternalName | CrashSender |
| LegalCopyright | Copyright 2003-2013 The CrashRpt Project Authors |
| OriginalFilename | CrashSender.exe |
| ProductName | CrashRpt |
| ProductVersion | 1.4.0.3 |
Plugin Output
| Info | Matching compiler(s): | MASM/TASM - sig1(h) |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: FLASH-INTEGRO LLC
Issuer: Sectigo Public Code Signing CA R36 |
| Safe | VirusTotal score: 0/72 (Scanned on 2022-11-18 08:34:51) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2021-Sep-22 18:20:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xb5c00 |
| SizeOfInitializedData | 0x5b800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000B1F88 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x114000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x11975b |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
.rsrc
.reloc
Imports
| PSAPI.DLL |
GetProcessMemoryInfo
|
|---|---|
| WS2_32.dll |
htonl
connect closesocket htons inet_addr inet_ntoa send socket gethostbyaddr gethostbyname getservbyport getservbyname WSAStartup WSACleanup WSASetLastError WSAGetLastError ntohs recv |
| DNSAPI.dll |
DnsQuery_W
DnsFree |
| WININET.dll |
InternetSetOptionW
HttpOpenRequestW HttpSendRequestExW HttpEndRequestW HttpQueryInfoW InternetQueryOptionW InternetOpenW InternetWriteFile InternetReadFile InternetConnectW InternetCloseHandle |
| RPCRT4.dll |
UuidToStringA
RpcStringFreeA |
| GDI32.dll |
CreateHalftonePalette
TextOutW SetViewportOrgEx CreateDCW GetDIBits GetObjectW GetDIBColorTable CreateDIBSection SetStretchBltMode StretchBlt SetDIBits SelectPalette SelectClipRgn SetLayout CreateCompatibleBitmap CreateCompatibleDC CreateFontIndirectW RealizePalette DeleteDC DeleteObject GetStockObject SelectObject SetBkMode SetTextColor CreatePen Polygon CreateSolidBrush SetBkColor BitBlt CreateFontW CreatePalette CreateRectRgn |
| SHELL32.dll |
Shell_NotifyIconW
SHGetFileInfoW ExtractIconW ShellExecuteW CommandLineToArgvW SHGetSpecialFolderPathW SHFileOperationW |
| COMDLG32.dll |
GetSaveFileNameW
GetOpenFileNameW |
| VERSION.dll |
VerQueryValueW
GetFileVersionInfoW GetFileVersionInfoSizeW |
| KERNEL32.dll |
Sleep
GlobalUnlock GlobalLock GetSystemDirectoryA LoadLibraryA GetTimeZoneInformation VirtualFree VirtualAlloc FlushInstructionCache IsDebuggerPresent EncodePointer HeapAlloc LoadLibraryExA InitializeCriticalSection Process32NextW HeapFree RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetProcessHeap InitializeSListHead InterlockedPopEntrySList IsProcessorFeaturePresent GetStartupInfoW QueryPerformanceCounter InterlockedPushEntrySList CloseHandle GetSystemInfo CreateFileMappingW OpenFileMappingW MapViewOfFile UnmapViewOfFile lstrlenW CreateDirectoryW GetFileAttributesW GetFileAttributesExW GetTempFileNameW GetTempPathW DebugBreak OutputDebugStringW GetLastError FreeLibrary GetModuleFileNameW GetModuleHandleW GetProcAddress LoadLibraryW GlobalAlloc GlobalFree FormatMessageW lstrlenA GetPrivateProfileStringW WritePrivateProfileStringW SystemTimeToTzSpecificLocalTime SystemTimeToFileTime MultiByteToWideChar EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionAndSpinCount DeleteCriticalSection SetEvent ResetEvent WaitForSingleObject CreateEventW WideCharToMultiByte CreateFileW FindClose FindFirstFileW FindNextFileW GetFileSizeEx GetFullPathNameW SetLastError GetProcessTimes OpenProcess GetSystemTime ReadProcessMemory CopyFileW FileTimeToSystemTime GetCommandLineW DecodePointer RaiseException GetCurrentThreadId LoadLibraryExW LoadResource SizeofResource FindResourceW MulDiv lstrcmpW lstrcmpiW CompareStringW GetVersionExW GetFileInformationByHandle ReadFile WriteFile CreateMutexW GetCurrentProcess GetCurrentProcessId TerminateProcess GetExitCodeProcess CreateThread CreateProcessW CreateToolhelp32Snapshot Process32FirstW GetSystemTimeAsFileTime |
| USER32.dll |
CallWindowProcW
UnregisterClassW CreateWindowExW IsWindow DestroyWindow ShowWindow SetWindowPos IsWindowVisible CreateDialogParamW GetDlgItem GetDlgCtrlID SetFocus GetFocus GetKeyState GetCapture SetCapture ReleaseCapture IsWindowEnabled DrawTextW UpdateWindow ReleaseDC BeginPaint EndPaint InvalidateRect RedrawWindow GetWindowTextW GetWindowTextLengthW SetCursor GetCursorPos ScreenToClient GetSysColor GetSysColorBrush DrawFocusRect FillRect SetRectEmpty OffsetRect PtInRect GetWindowLongPtrW SetWindowLongPtrW GetDesktopWindow GetParent GetClassNameW LoadCursorW DestroyIcon LoadImageW SystemParametersInfoW EndDialog GetActiveWindow SendMessageW DestroyMenu EnableMenuItem GetSubMenu DeleteMenu TrackPopupMenu GetClientRect SetWindowTextW CheckMenuRadioItem MonitorFromPoint MonitorFromWindow GetMonitorInfoW PostQuitMessage FlashWindow DialogBoxParamW EnableWindow GetMenu DrawIcon DrawTextExW AdjustWindowRectEx MessageBoxW CopyRect LoadIconW GetIconInfo IsDialogMessageW PostMessageW SetProcessDefaultLayout CharUpperW SetTimer KillTimer DrawTextExA SetScrollInfo GetScrollInfo AnimateWindow OpenClipboard CloseClipboard SetClipboardData EmptyClipboard GetSystemMetrics IntersectRect EnumWindows GetWindowThreadProcessId EnumDisplayMonitors GetCursorInfo PeekMessageW GetDC CharNextW MoveWindow LoadStringW SetMenuItemInfoW DispatchMessageW TranslateMessage GetMessageW DefWindowProcW GetGuiResources GetWindow SetWindowLongW GetWindowLongW MapWindowPoints LoadMenuW GetWindowRect |
| ADVAPI32.dll |
RegCloseKey
RegDeleteValueW RegEnumKeyExW RegQueryInfoKeyW RegSetValueExW OpenProcessToken AdjustTokenPrivileges LookupPrivilegeValueW RegEnumValueW RegDeleteKeyW RegCreateKeyExW RegQueryValueExW RegOpenKeyExW |
| ole32.dll |
CoCreateGuid
CoUninitialize CoTaskMemAlloc CoInitialize CoTaskMemFree CoTaskMemRealloc CoCreateInstance |
| OLEAUT32.dll |
SysFreeString
VarUI4FromStr VarDateFromStr VarR8FromStr VarDecCmp VarDecFromStr VarI4FromStr |
| COMCTL32.dll |
ImageList_ReplaceIcon
ImageList_Create ImageList_Remove InitCommonControlsEx _TrackMouseEvent |
| MSVCP140.dll |
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z |
| VCRUNTIME140.dll |
memchr
__std_type_info_destroy_list __intrinsic_setjmp __current_exception_context __current_exception __C_specific_handler longjmp strchr __std_terminate _purecall memcmp wcsstr wcsrchr wcschr memmove _CxxThrowException __std_exception_destroy __std_exception_copy memset memcpy |
| VCRUNTIME140_1.dll |
__CxxFrameHandler4
|
| api-ms-win-crt-runtime-l1-1-0.dll |
_execute_onexit_table
_errno _invalid_parameter_noinfo terminate _register_thread_local_exe_atexit_callback _crt_at_quick_exit _c_exit _crt_atexit _seh_filter_dll _configure_narrow_argv _exit _initialize_narrow_environment _initterm_e _initialize_onexit_table _set_app_type abort _seh_filter_exe _invalid_parameter_noinfo_noreturn exit _register_onexit_function _configure_wide_argv _initterm _get_wide_winmain_command_line _initialize_wide_environment _cexit |
| api-ms-win-crt-string-l1-1-0.dll |
iswdigit
wcscpy_s strncpy isspace strncmp isalpha tolower wcstok_s toupper wcscmp wcscspn wcslen strcat_s strcpy_s isdigit wcsncmp wcspbrk strlen strncpy_s _wcsicmp strcpy isalnum wcsncpy_s strcmp iswspace |
| api-ms-win-crt-heap-l1-1-0.dll |
_recalloc
malloc free calloc _callnewh realloc _set_new_mode |
| api-ms-win-crt-convert-l1-1-0.dll |
_wtoi
atoi _wtol atof strtoul strtod |
| api-ms-win-crt-environment-l1-1-0.dll |
getenv
_wdupenv_s |
| api-ms-win-crt-stdio-l1-1-0.dll |
__acrt_iob_func
__stdio_common_vsprintf fflush __stdio_common_vsnprintf_s fseek fopen_s ferror fputc ftell _set_fmode __p__commode tmpfile rewind fopen _wfopen _ftelli64 _fseeki64 __stdio_common_vsprintf_s fwrite fread feof __stdio_common_vfwprintf __stdio_common_vfprintf fclose _wfopen_s __stdio_common_vswprintf_s __stdio_common_vsscanf |
| api-ms-win-crt-time-l1-1-0.dll |
_localtime64_s
_gmtime64_s strftime _time64 _gmtime64 wcsftime |
| api-ms-win-crt-filesystem-l1-1-0.dll |
_wstat64i32
|
| api-ms-win-crt-utility-l1-1-0.dll |
rand
srand labs qsort abs |
| api-ms-win-crt-math-l1-1-0.dll |
pow
fabs ceil __setusermatherr ceilf |
| api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
|
Delayed Imports
1
2
3
4
5
6
214
211
212
213
215
216
217
9
63
3585
3601
3603
3604
3605
3606
3825
3826
3838
128
128 (#2)
218
1 (#2)
1 (#3)
String Table contents
| CrashSender |
| Name |
| Description |
| Type |
| Size |
| Crash Dump |
| Crash Log |
| Symbol File |
| Ready |
| Create a new document |
| New |
| Open an existing document |
| Open |
| Close the active document |
| Close |
| Save the active document |
| Save |
| Save the active document with a new name |
| Save As |
| Change the printing options |
| Page Setup |
| Change the printer and printing options |
| Print Setup |
| Print the active document |
| Display full pages |
| Print Preview |
| {\bnsi\bnsicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Microsoft Sans Serif;}} |
| {\*\generator Msftedit 5.41.15.1503;}\viewkind4\uc1\pard\f0\fs30 %s has stopped working} |
| Please enter a valid E-mail address. For example, name@hotmail.com. |
| Zip Files (*.zip) |
| Content-Type: Multipart/form-data; boundary=%s |
| -----------------7d31389b0426 |
| Erase the selection |
| Erase |
| Erase everything |
| Erase All |
| Copy the selection and put it on the Clipboard |
| Copy |
| Cut the selection and put it on the Clipboard |
| Cut |
| Find the specified text |
| Find |
| Insert Clipboard contents |
| Paste |
| Repeat the last action |
| Repeat |
| Replace specific text with different text |
| Replace |
| Select the entire document |
| Select All |
| Undo the last action |
| Undo |
| Redo the previously undone action |
| Redo |
| Open another window for the active document |
| New Window |
| Arrange icons at the bottom of the window |
| Arrange Icons |
| Arrange windows so they overlap |
| Cascade Windows |
| Arrange windows as non-overlapping tiles |
| Tile Windows |
| Arrange windows as non-overlapping tiles |
| Tile Windows |
| Split the active window into panes |
| Split |
| Display program information, version number and copyright |
| About |
| Quit the application; prompts to save documents |
| Exit |
| Switch to the next window pane |
| Next Pane |
| Switch back to the previous window pane |
| Previous Pane |
| Change the window size |
| Change the window position |
| Reduce the window to an icon |
| Enlarge the window to full size |
| Switch to the next document window |
| Switch to the previous document window |
| Close the active window and prompts to save the documents |
| Restore the window to normal size |
| Activate Task List |
| Activate this window |
| Open this document |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.4.0.3 |
| ProductVersion | 1.4.0.3 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language | English - United States |
| FileDescription | Crash Report Delivery Module |
| FileVersion (#2) | 1.4.0.3 |
| InternalName | CrashSender |
| LegalCopyright | Copyright 2003-2013 The CrashRpt Project Authors |
| OriginalFilename | CrashSender.exe |
| ProductName | CrashRpt |
| ProductVersion (#2) | 1.4.0.3 |
| Resource LangID | English - United States |
|---|
IMAGE_DEBUG_TYPE_CODEVIEW
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2021-Sep-22 18:20:43 |
| Version | 0.0 |
| SizeofData | 95 |
| AddressOfRawData | 0xdf2bc |
| PointerToRawData | 0xde2bc |
| Referenced File | W:\Work2\Common\CrashRpt_v.1.4.3_r1645\x64\Release\CrashSender1403.pdb |
IMAGE_DEBUG_TYPE_VC_FEATURE
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2021-Sep-22 18:20:43 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0xdf31c |
| PointerToRawData | 0xde31c |
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2021-Sep-22 18:20:43 |
| Version | 0.0 |
| SizeofData | 904 |
| AddressOfRawData | 0xdf330 |
| PointerToRawData | 0xde330 |
TLS Callbacks
Load Configuration
| Size | 0x138 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1400f10c8 |
RICH Header
| XOR Key | 0x655f6721 |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 22 |
| 253 (28518) | 1 |
| C objects (30034) | 10 |
| ASM objects (30034) | 4 |
| Imports (30034) | 6 |
| C++ objects (30034) | 36 |
| C objects (27412) | 1 |
| Imports (27412) | 31 |
| Total imports | 457 |
| C objects (LTCG) (VS2019 Update 11 (16.11.0-3) compiler 30133) | 96 |
| C++ objects (VS2019 Update 11 (16.11.0-3) compiler 30133) | 20 |
| Resource objects (VS2019 Update 11 (16.11.0-3) compiler 30133) | 1 |
| 151 | 1 |
| Linker (VS2019 Update 11 (16.11.0-3) compiler 30133) | 1 |