Incident Response

Risk Assessment

Remote Access
Reads terminal service related keys (often RDP related)
Fingerprint
Reads the active computer name
Spreading
Opens the MountPointManager (often used to detect additional infection locations)

Platform Intelligence

Submission Context

Associated URLs
http://ftp.zedz.net/vir/Trojan.Win32.CrashSystem

Indicators

  • Suspicious Indicators 8

  • Anti-Reverse Engineering
    • PE file has unusual entropy sections
      details
      0859706, 0850015, 6949393, .data with unusual entropies 7.5574672932, 7.60618900431, 7.57687986067, 7.69216008572
      source
      Static Parser
      relevance
      10/10
  • Unusual Characteristics
  • Informative 4

  • Installation/Persistence
    • Connects to LPC ports
      details
      "<Input Sample>" connecting to "\ThemeApiPort"
      source
      API Call
      relevance
      1/10
    • Touches files in the Windows directory
      details
      "<Input Sample>" touched file "%WINDIR%\Start Menu\Programs\Startup\taskman.exe"
      "<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
      "<Input Sample>" touched file "%WINDIR%\system32\en-US\SETUPAPI.dll.mui"
      "<Input Sample>" touched file "%WINDIR%\tracert.exe"
      source
      API Call
      relevance
      7/10
  • System Security
  • Unusual Characteristics

File Details

Trojan.Win32.CrashSystem

Filename
Trojan.Win32.CrashSystem
Size
7.5KiB (7680 bytes)
Type
peexe
Description
PE32 executable (GUI) Intel 80386, for MS Windows
Architecture
32 Bit
SHA256
12473d778b6ccb75ae98fccfc1231b37d59120fb55194f25142288f5c2b594ac
MD5
6098c7ffa4b4fdb369b9ef94e84ebbb3
SHA1
75bcec30e46dbbc5aebc9c15b71cab33214cd48b
SHA512
53d112e0f634f56b91928f900bce35dd1586e94a6845a0b7562fffcd7229c92d24c946430896fd95f7855f3847b29c69d76c37c3d4b4373ffe1e6a1cc4a47b56
ssdeep
192:TrRLkyufijBKgFHoxvesbvgFR6cZoiWI9MGX71:T9L9JHArMFRZZ+GMU
imphash
500ff1538958cc73738bf0c262a1773f
authentihash
b966d798065eafbe25c602fcbc9510509df5339fb526f9ed1804daad93a15b8c
Compiler/Packer
tElock v0.71b2

File Sections

File Imports

GetModuleHandleA
GetProcAddress
MessageBoxA

Hybrid Analysis

Analysed 1 process in total (System Resource Monitor).

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

!This program cannot be run in DOS mode.$
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
%s\Start Menu\Programs\Startup\%s
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
%s\tracert.exe
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
.data
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
0850015
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
0859706
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
6949393
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
\Sessions\1\Windows\ApiPort
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
\ThemeApiPort
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
`siy[!ahh^
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
AlwaysShowExt
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Attributes
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
AutoCheckSelect
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
BrowseInPlace
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
C:\Trojan.Win32.CrashSystem.exe
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
C:\Windows
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
%WINDIR%\Start Menu\Programs\Startup\taskman.exe
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
%WINDIR%\tracert.exe
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
CallForAttributes
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
CEIPEnable
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ComputerName
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
CopyFileBufferedSynchronousIo
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
CWDIllegalInDLLSearch
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DevicePath
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Disable
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DisableMetaFiles
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DisableUserModeCallbackFilter
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DocObject
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DontPrettyPath
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
DriveMask
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
en-US
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Filter
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Generation
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
GetModuleHandleA
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
GetProcAddress
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
HasNavigationEnum
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Hidden
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
HideFileExt
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
HideFolderVerbs
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
HideIcons
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
HideInWebView
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
HideOnDesktopPerUser
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
IconsOnly
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
IsShortcut
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
kernel32.dll
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
KERNEL32.DLL
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
LoadAppInit_DLLs
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MachinePreferredUILanguages
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MapNetDriveVerbs
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MapNetDrvBtn
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MaximizeApps
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MaxRpcSize
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
MessageBoxA
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
NeverShowExt
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
NoFileFolderJunction
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
NoNetCrawling
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
OOBEInProgress
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
PageAllocatorSystemHeapIsPrivate
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
PageAllocatorUseSystemHeap
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
PinToNameSpaceTree
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
PreferExternalManifest
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
PreferredUILanguages
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
QueryForInfoTip
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
QueryForOverlay
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
RegisterServiceProcess
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
RestrictedAttributes
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
SafeDllSearchMode
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
SeparateProcess
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ShellState
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ShowCompColor
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ShowInfoTip
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ShowSuperHidden
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
ShowTypeOverlay
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
SourcePath
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
SYSTEM
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
SystemSetupInProgress
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
taskman.exe
Ansi based on Hybrid Analysis (Trojan.Win32.CrashSystem.exe , 00014036-00002728.00000002.20531.00400000.00000004.mdmp)
ThemeApiConnectionRequest
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
tracert.exe
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
TransparentEnabled
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
TSAppCompat
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
TSUserEnabled
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
UseDropHandler
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
USER32.DLL
Ansi based on Memory/File Scan (Trojan.Win32.CrashSystem.exe.bin)
WantsAliasedNotifications
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
WantsFORDISPLAY
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
WantsFORPARSING
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
WantsParseDisplayName
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
WantsUniversalDelegate
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
WebView
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
Windows
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Unicode based on Runtime Data (Trojan.Win32.CrashSystem.exe )

Extracted Files

No significant files were extracted.

Notifications

  • Runtime

  • Not all sources for signature ID "api-55" are available in the report
