DismHost[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DismHost.exe
Size

142KB
MD5

e5d5e9c1f65b8ec7aa5b7f1b1acdd731
SHA1

dbb14dcda6502ab1d23a7c77d405dafbcbeb439e
SHA256

e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80
SHA512

7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc
SSDEEP

1536:16iNEP0SZpv0aVyo0rbRmiUwhjgPp9X6E79KfmeCUhNs4+Au0ceacoM1f/TnbsnG:1rEME0FgH6ERKf3/lb/Rw2siUuaqR

Score

N/A

Malware Config

Signatures

Files

DismHost.exe
.exe windows x64

1b31d5bf56f31446dc3caf847a3d3456

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24
Signer

Actual PE Digest

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

24-11-2022 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
wcscpy_s
_beginthreadex
wcsstr
wcsrchr
__C_specific_handler
calloc
memmove_s
malloc
memcpy_s
_purecall
free
fgetws
_wfopen
wcstok_s
fclose
iswctype
toupper
strrchr
_vsnprintf
??1exception@@UEAA@XZ
__getmainargs
?what@exception@@UEBAPEBDXZ
exit
_exit
_cexit
__CxxFrameHandler3
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_wtoi
towlower
wcschr
_wcsnicmp
_vsnwprintf
_vscprintf
vsprintf_s
vswprintf_s
_vscwprintf
swscanf_s
_callnewh
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
_XcptFilter
_amsg_exit
__set_app_type
_lock
_unlock
__dllonexit
_onexit
feof
memmove
memcpy
memcmp
memset

advapi32

RegOpenKeyExW
EventWriteTransfer
EventRegister
EventProviderEnabled
EventUnregister
EqualSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl

kernel32

SetLastError
GetCurrentThread
GetLastError
CreateEventExW
CloseHandle
WaitForSingleObjectEx
SetErrorMode
GetCommandLineW
InitializeCriticalSection
SetThreadUILanguage
SetEvent
EnterCriticalSection
LeaveCriticalSection
OpenEventW
WaitForMultipleObjectsEx
ExitProcess
DeleteCriticalSection
OutputDebugStringW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetModuleHandleW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
TlsSetValue
TlsAlloc
DeviceIoControl
FreeLibrary
FlushFileBuffers
IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
DebugBreak
CreateFileMappingA
DeleteFileW
DeleteFileA
CreateFileA
GetVersion
ReleaseMutex
CreateMutexA
CreateMutexW
SetFilePointer
WriteFile
GetModuleFileNameA
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
GetFileSize
GetLocalTime
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
CreateFileW
FormatMessageW
FindResourceExW
LoadResource
LocalFree
LoadLibraryExW
GetProcAddress
GetTempFileNameW
WaitForSingleObject
GetModuleHandleExW
SearchPathW

ole32

CoRevokeClassObject
CoCreateInstance
CLSIDFromString
CoRegisterClassObject
CoTaskMemFree
ProgIDFromCLSID
CoUninitialize
CoRegisterPSClsid
CoInitializeEx
CoInitializeSecurity

user32

LoadStringW

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlGetVersion
RtlNtStatusToDosError

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b31d5bf56f31446dc3caf847a3d3456

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

ntdll

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 468B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24
Signer

24-11-2022 14:54
Valid: false

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 468B