General
-
Target
DMW.exe
-
Size
4.5MB
-
MD5
4fdc93ffec72ea12055d12cac81991b1
-
SHA1
687735da740e54bc889dae28f2caadfcdfa59356
-
SHA256
133241c0cb2a439c8185d10b3bda7cab6c40302b9cc2cad20b5fc62da4511a03
-
SHA512
62078f409aaa9b74aa4b605d07c5daaf80aa08b7d6c2b70930e5387c54cc81838bb13d697df88c9f43f136c0e1ea2217e7d738f7588ac6b77ee803a92d0c61e6
-
SSDEEP
98304:CpRWrWRPWAjuaMd9BeXNrbPVeMVri5h+ijv:coCUZaMLY1ZeM4Bv
Malware Config
Signatures
Files
-
DMW.exe.exe windows x86
3b2db3b601c0e0b4c0bec702dfad0576
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetHashParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegisterEventSourceW
ReportEventW
kernel32
CloseHandle
ConvertFiberToThread
CreateDirectoryW
CreateEventW
CreateMutexW
DecodePointer
DeleteCriticalSection
DeleteFiber
EncodePointer
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageA
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount64
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MultiByteToWideChar
OpenMutexW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
RemoveDirectoryW
ResetEvent
SetConsoleMode
SetEvent
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
WaitForMultipleObjects
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
user32
BeginPaint
CreateWindowExW
DefWindowProcW
DispatchMessageW
EndPaint
EnumDisplaySettingsW
FindWindowW
FlashWindowEx
GetCursorPos
GetDC
GetKeyState
GetMessagePos
GetMessageW
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
GetWindowLongW
GetWindowRect
InvalidateRect
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadStringW
MessageBoxA
MessageBoxW
PostQuitMessage
RegisterClassExW
ReleaseDC
ScreenToClient
SendMessageW
SetCursor
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowRgn
ShowWindow
TranslateAcceleratorW
TranslateMessage
UpdateWindow
gdi32
CreateRectRgn
GetDeviceCaps
GetStockObject
shell32
ShellExecuteExW
ShellExecuteW
ole32
CoInitialize
CreateStreamOnHGlobal
gdiplus
GdipAlloc
GdipCloneBrush
GdipCloneFontFamily
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateCachedBitmap
GdipCreateFont
GdipCreateFromHDC
GdipCreatePen1
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteStringFormat
GdipDisposeImage
GdipDrawCachedBitmap
GdipDrawImageRectI
GdipDrawLineI
GdipDrawRectangle
GdipDrawString
GdipFillPolygon
GdipFillRectangle
GdipFillRectangleI
GdipFree
GdipGetFontCollectionFamilyList
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageWidth
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdiplusShutdown
GdiplusStartup
ws2_32
WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
crypt32
CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
wldap32 (imported by ordinal only — the names below are unresolved ordinals; map them against the export table of a matching wldap32.dll version before attributing specific LDAP capability)
ord301
ord22
ord32
ord26
ord30
ord35
ord143
ord200
ord41
ord33
ord27
ord50
ord211
ord60
ord46
ord79
normaliz
IdnToAscii
bcrypt
BCryptGenRandom
vcruntime140
_CxxThrowException
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
__uncaught_exception
_except_handler4_common
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
wcsstr
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
___lc_locale_name_func
___mb_cur_max_func
__pctype_func
_configthreadlocale
_lock_locales
_unlock_locales
localeconv
setlocale
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_fileno
_fseeki64
_get_stream_buffer_pointers
_lseeki64
_open
_read
_set_fmode
_setmode
_wfopen
_wfopen_s
_wfsopen
_wopen
_write
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fputc
fputs
fread
fseek
fsetpos
ftell
fwrite
rewind
setvbuf
ungetc
api-ms-win-crt-math-l1-1-0
__setusermatherr
frexp
api-ms-win-crt-string-l1-1-0
__strncnt
_strdup
_stricmp
_strnicmp
_wcsdup
isalnum
isalpha
isdigit
isgraph
islower
isprint
isspace
isupper
isxdigit
strcmp
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
toupper
wcscmp
wcslen
wcsnlen
api-ms-win-crt-runtime-l1-1-0
__sys_nerr
_beginthreadex
_c_exit
_cexit
_configure_wide_argv
_controlfp_s
_crt_atexit
_errno
_exit
_get_wide_winmain_command_line
_getpid
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
raise
signal
strerror
strerror_s
terminate
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
calloc
free
malloc
realloc
api-ms-win-crt-time-l1-1-0
_ftime64_s
_gmtime64
_gmtime64_s
_time64
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_lock_file
_stat64
_stat64i32
_unlock_file
_wremove
_wrename
_wsplitpath_s
api-ms-win-crt-convert-l1-1-0
atoi
strtol
strtoll
strtoul
wcstombs
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 439KB - Virtual size: 439KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4B (MSVC control-flow-guard configuration section; note that IMAGE_DLLCHARACTERISTICS_GUARD_CF is not listed under DLL Characteristics above, so the presence of this section alone does not indicate CFG is enforced)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.6MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ