Dolwin[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dolwin.exe
Size

512KB
MD5

3368b60cc1f91fce131de3e936f394ef
SHA1

e3c9a1e91502d4a9b377a5a5a509639132045c63
SHA256

4c13b7196f733c40ed100e748bead62e2d43af5c09b814cbf3d5d6e8101a93bb
SHA512

55200435732cc0af0ea0881696d42ce02466d37544a0d71b3bf455764e0127b9c8236e5db1914e3a7e473bedcd221763bc0cf95c8becacad00f3dfd34ba1724c
SSDEEP

12288:+0eLtxV+n37L8kM230Mz69IsNQDXCNxmW9a/7lGXZ:7MyDXCU/7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dolwin.exe

Files

Dolwin.exe
.exe windows x86

5a6f76051fe9db8d066a1ab00f31c00a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_Remove
ImageList_Destroy
ImageList_Draw
ord6
PropertySheetA
ImageList_Add

winmm

PlaySoundA

kernel32

PeekConsoleInputA
WriteConsoleOutputA
SetConsoleCursorPosition
GetModuleHandleA
GetPrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
LoadModule
CreateSemaphoreA
CreateMutexA
CreateDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualProtect
GetCurrentThreadId
ReadConsoleInputA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
RaiseException
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
SetFilePointer
GetLastError
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RtlUnwind
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
GetCurrentProcess
TerminateProcess
ExitProcess
CompareStringW
HeapReAlloc
HeapAlloc
HeapFree
FreeConsole
AllocConsole
GetStdHandle
GetConsoleCursorInfo
GetConsoleMode
SetConsoleMode
SetConsoleWindowInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
lstrcmpA
GetCurrentProcessId
GetTickCount
Sleep
CreateFileA
CreateNamedPipeA
WriteFile
ReadFile
DisconnectNamedPipe
CloseHandle
GetTimeZoneInformation
CompareStringA
HeapSize

user32

LoadAcceleratorsA
LoadMenuA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateAcceleratorA
SendMessageA
LoadCursorA
SetCursor
RegisterClassA
GetDC
ReleaseDC
SetMenuItemInfoA
TranslateMessage
GetMessageA
AdjustWindowRect
GetMenu
DeleteMenu
AppendMenuA
DrawMenuBar
GetMenuItemCount
GetMenuStringA
GetDlgItemTextA
CreateWindowExA
GetClientRect
UpdateWindow
SetFocus
GetSubMenu
EnableMenuItem
GetCursorPos
TrackPopupMenu
FillRect
DrawIcon
DrawTextW
DrawTextA
MoveWindow
GetSysColor
IsWindow
SetWindowTextA
IsDlgButtonChecked
CheckRadioButton
GetDlgItem
EnableWindow
CheckDlgButton
MessageBoxA
DialogBoxParamA
EndDialog
SendDlgItemMessageA
CreateDialogParamA
DestroyWindow
ShowWindow
LoadIconA
GetParent
SetDlgItemTextA
PostMessageA
GetWindowRect
GetSystemMetrics
SetWindowPos
EnumWindows
GetClassNameA
GetWindowThreadProcessId
CheckMenuItem

gdi32

CreateCompatibleBitmap
SetBitmapBits
DeleteObject
CreateDIBSection
BitBlt
StretchBlt
GetDeviceCaps
CreateDCA
SetBkMode
SetTextColor
GetStockObject
SelectObject
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

DragFinish
DragAcceptFiles
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a6f76051fe9db8d066a1ab00f31c00a

Headers

File Characteristics

Imports

comctl32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 144KB - Virtual size: 1.4MB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 144KB - Virtual size: 1.4MB

.rsrc
Size: 44KB - Virtual size: 42KB