TSTheme[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TSTheme.exe
Size

46KB
MD5

bcfbded6a81c7119089e1454997f44c3
SHA1

a49a0cf948155bd866d88253da3e443086d2977a
SHA256

b220104b36a01f1202efe45beaeec3227927dcdaf364239cff90724430b2bca0
SHA512

2ea9c45ab610163c78d07ff54f3278cceeb59dac92435619ed49481d0d9c7b011a82af1daec71577f941a506486e81ba318e4e1235064855247efa61921f3102
SSDEEP

768:PMoZrjHpb3tbZ5+2cSi+/pC6S9nJg+jfoghjjoiSi6nfkunHdofjaEObi:PMcrjHlgd+/peg+Loghjanfksdofjax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TSTheme.exe

Files

TSTheme.exe
.exe windows x86

dd58c6ec7d8409dcbc491678b5b70212

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
RegDeleteKeyW
RegOpenCurrentUser

kernel32

SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetCurrentThreadId
Sleep
LocalFree
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentProcess
OutputDebugStringA
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
EnterCriticalSection
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
GetCurrentProcessId
GetExitCodeThread
ProcessIdToSessionId
LoadLibraryW

user32

UnregisterClassA
CharNextW
UpdatePerUserSystemParameters
DispatchMessageW
GetMessageW
PostThreadMessageW

msvcrt

__set_app_type
__wgetmainargs
_amsg_exit
_exit
_cexit
__p__fmode
_vsnwprintf
__CxxFrameHandler3
_except_handler4_common
_controlfp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset
_vsnprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
exit
memcmp

ole32

CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
SysFreeString

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd58c6ec7d8409dcbc491678b5b70212

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB