tasklist[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tasklist.exe
Size

104KB
MD5

d0a49a170e13d7f6aebbefed9df88aaa
SHA1

d61ffd641c2f6d45dadc26c02daeea8dabee8204
SHA256

be7241a74fe9a9d30e0631e41533a362b21c8f7aae3e5b6ad319cc15c024ec3f
SHA512

8fab3a6ed410c44e05f5cf13ad732be00a1d72db9a35124d385e1d7e3b081377b98b91715269bd858d3044d413dc7527e103c882a9bed9637f2b46f3247af9a9
SSDEEP

1536:yUI3KbhXflnknXNMT8ujZAJfLfkx4thxGU2Izjr5wiQ5PJAuhEaHxZGC:K3G9npXWDfkx4thxGiH5wdEaHxD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tasklist.exe

Files

tasklist.exe
.exe windows x64

4c8d21c644c980db3ff94e27bad14c18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW

kernel32

GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
CloseHandle
GetNumberFormatW
OpenProcess
GetLastError
HeapSetInformation
GetCurrentThreadId
WriteConsoleW
GetStdHandle
LocalAlloc
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetLastError
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
VerSetConditionMask
SetThreadUILanguage
FileTimeToSystemTime
GetModuleHandleW
FreeLibrary
GetLocaleInfoW
GetTimeFormatW
QueryPerformanceCounter
LocalFree
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
lstrlenW

msvcrt

memcpy
_CxxThrowException
__CxxFrameHandler3
wcschr
wcsstr
wcstok
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
wcstol
wcstod
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_wtoi64
_wcsicmp
_wcsdup
wcscpy_s
free
wcsrchr
__iob_func
_vsnwprintf
_memicmp
_errno
memset

user32

SetProcessWindowStation
EnumDesktopsW
wsprintfW
GetWindowTextW
IsHungAppWindow
GetWindow
GetWindowLongW
GetWindowThreadProcessId
OpenWindowStationW
EnumWindows
CloseDesktop
SetThreadDesktop
OpenDesktopW
CharUpperW
GetThreadDesktop
LoadStringW
EnumWindowStationsW
GetProcessWindowStation
FindWindowExW
CloseWindowStation

ntdll

NtQueryInformationProcess
RtlQueryPackageIdentity
RtlLookupFunctionEntry
RtlTimeToElapsedTimeFields
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
RtlLargeIntegerToChar
RtlVerifyVersionInfo

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

oleaut32

SysAllocStringByteLen
SysFreeString
VariantInit
VariantClear
VariantCopy
SysStringLen
SysAllocString
VariantChangeType

ws2_32

GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSACleanup
WSAStartup
FreeAddrInfoW

framedynos

??0CHString@@QEAA@XZ
?Find@CHString@@QEBAHG@Z
?Format@CHString@@QEAAXPEBGZZ
?Compare@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@H@Z
?Find@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
??4CHString@@QEAAAEBV0@PEBD@Z
?Left@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@PEBG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?Mid@CHString@@QEBA?AV1@HH@Z
??1CHString@@QEAA@XZ
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Empty@CHString@@QEAAXXZ

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrChrIW
StrStrW
StrStrIW
StrChrW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

sspicli

GetUserNameExW

srvcli

NetServerGetInfo

netutils

NetApiBufferFree

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c8d21c644c980db3ff94e27bad14c18

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ntdll

version

mpr

oleaut32

ws2_32

framedynos

dbghelp

shlwapi

api-ms-win-core-com-l1-1-0

sspicli

srvcli

netutils

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 48B