cleanmgr[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cleanmgr.exe
Size

284KB
MD5

e104194adde3e0f65be2e39708ee6233
SHA1

41ea6d791b88d9c4d520306bc7ad28ae83aa668e
SHA256

bb275d566601cbe20ff378dbf4a3312dcd9ab923d6e0a3ee273774c2829f3b66
SHA512

9318f79aac69fc8b38b4738f5c95c513f23c211a9bfff4aac3c94cdf8637d788900d27c4ef978285bc6f183abdc1822d601bdfc632528f6de9b5503f16080460
SSDEEP

3072:exKuhW29s8VZinSWQDyg2j5pgkZyzIAEPGRvQhRkKqUa9antF5hvvJkuXpm:tSWQDynj59QzvE+ohSKq99UF5hvv/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cleanmgr.exe

Files

cleanmgr.exe
.exe windows x86

6534d04e7bf93e169722de4caa8b6ef9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExtTextOutW
GetLayout
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPoint32W

user32

DestroyWindow
DialogBoxParamW
EndDialog
SetFocus
GetSysColor
DrawIconEx
DrawFocusRect
LoadIconW
PostMessageW
CreateDialogParamW
GetWindowTextW
SetForegroundWindow
DestroyIcon
EnableWindow
GetWindowLongW
GetSystemMetrics
GetClientRect
SetDlgItemTextW
GetParent
SendDlgItemMessageW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
EnumWindows
SetWindowLongW
GetDlgItem
SendMessageW
LoadStringW
ShowWindow
MessageBoxW

msvcrt

memcmp
_CIsqrt
memcpy_s
memmove_s
free
_vsnwprintf
_ftol2
realloc
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_i64toa_s
_wcsicmp
toupper
malloc
memset

comctl32

ImageList_Create
PropertySheetW
CreatePropertySheetPageW
ord345
ord17
ImageList_ReplaceIcon

shell32

SHGetFileInfoW
ord680
ExtractIconExW
ShellExecuteExW

shlwapi

StrCmpNW
StrCmpW
StrToIntW
StrStrIW
StrFormatByteSizeW
ord487
SHDeleteKeyW
PathStripToRootW
ord271

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
GetProcAddress

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
SetEvent
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
CreateEventW
CreateMutexExW
CreateSemaphoreExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoGetMalloc
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount64
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW

oleaut32

VariantInit
SysStringLen
VariantClear

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

CheckElevationEnabled
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetStartupInfoA
MulDiv
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
lstrlenW

ntdll

RtlNtStatusToDosError
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
NtFsControlFile
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString

ole32

CoInitialize

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6534d04e7bf93e169722de4caa8b6ef9

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

comctl32

shell32

shlwapi

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-profile-l1-1-0

kernel32

ntdll

ole32

vssapi

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 175KB - Virtual size: 175KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 175KB - Virtual size: 175KB

.reloc
Size: 4KB - Virtual size: 3KB