dcgpofix[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

dcgpofix.exe
Size

50KB
MD5

c951e39472f23c24f3276a07f5deb437
SHA1

965c60463667d32c88f30aeb7f3731a6adc4c978
SHA256

fd33a9577819dd4c2d908deff12a03bbf6967b69bff32ee2e7e52053375d0f7a
SHA512

44e385bce7ab5a59269a717beef245e76cdfbfded2aaee51cac7fb6d0c72059fc7ea69fac8c0e6b0d2b22c6455d3504f5c00afc0b54becf237332e175827842d
SSDEEP

768:qayOlU2RpgAXlnL6eipnNBD/3/7A89d/rTP7rPBIij:J+2gulOeCnNVP/7A89xrTj7BIij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcgpofix.exe

Files

dcgpofix.exe
.exe windows x86

b5500331caf7036be2a13007077a0bb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
CheckTokenMembership
SetThreadToken
OpenProcessToken
RegEnumKeyExW
GetSecurityDescriptorOwner
DuplicateTokenEx
SetNamedSecurityInfoW
GetSecurityDescriptorGroup
RegQueryInfoKeyW
RegCloseKey
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
OpenThreadToken
ConvertStringSidToSidW
RegQueryValueExW

kernel32

SetConsoleTextAttribute
FindNextFileW
GetCurrentProcess
GetConsoleOutputCP
ReadFile
WriteFile
RemoveDirectoryW
SetThreadUILanguage
SetEndOfFile
FindClose
LocalAlloc
CreateFileW
SetFileAttributesW
GetConsoleScreenBufferInfo
FormatMessageW
GetLastError
GetCurrentThread
DeleteFileW
CloseHandle
RaiseException
HeapSetInformation
GetWindowsDirectoryW
WriteConsoleW
LocalFree
GetFileSize
GetModuleHandleW
CompareStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
FindFirstFileW
GetStdHandle

msvcrt

_exit
__set_app_type
__wgetmainargs
??3@YAXPAX@Z
_amsg_exit
__p__commode
_cexit
_XcptFilter
__p__fmode
__setusermatherr
memmove
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
memcpy
__CxxFrameHandler3
_controlfp
_except_handler4_common
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
exit
__iob_func
??_V@YAXPAX@Z
_vsnwprintf
fclose
_purecall
_callnewh
malloc
_wsetlocale
_wfopen
fgetwc
iswdigit
_ultow
wprintf_s

oleaut32

VariantInit
SysAllocString
VariantClear
VariantChangeType
SysFreeString

srvcli

NetShareGetInfo

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitializeEx

logoncli

DsGetDcNameW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

InitializeAcl
GetLengthSid
AddAuditAccessObjectAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAccessAllowedAceEx
GetAce
AddAccessAllowedObjectAce
CopySid

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

activeds

ord3
ord9

ntdsapi

DsFreeNameResultW
DsCrackNamesW

scecli

SceOpenProfile
SceDcPromoCreateGPOsInSysvol
SceGetSecurityProfileInfo
SceWriteSecurityProfileInfo
SceCloseProfile
SceFreeProfileMemory

user32

MessageBeep

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5500331caf7036be2a13007077a0bb2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

oleaut32

srvcli

dsrole

api-ms-win-core-com-l1-1-0

logoncli

api-ms-win-core-libraryloader-l1-2-0

netutils

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

activeds

ntdsapi

scecli

user32

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB