poolmon[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

poolmon.exe
Size

48KB
MD5

80a1f432130bbb4e5e6b9efa57a33d4b
SHA1

3d629b3a37ce940c7806230fd0f868948563d93d
SHA256

e8d53e677facde47c6b1085953fa178595d1cfcf131d8d5cd14d01a1ce45d94e
SHA512

e842b1c1ba488cad029bee54d91806a2c11ad7bdaea560a6c7de9e8ae989e9a23434671952c2b8f11417fee76bdaed6f42423afee080f4e8e05f1c49b9edf84f
SSDEEP

384:3ffzI1c45EMNiUdwwWHaQABLkAijdkg6eWbqM6giuZ6zw5/8Sp10NU3PwvkYVNu4:3f7oc45EMgUHiGLkAijObqCt8Y3ofS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
poolmon.exe

Files

poolmon.exe
.exe windows x64

970052eb537cf268b4d3756f05ee86d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetPriorityClass
SetConsoleActiveScreenBuffer
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
WriteConsoleOutputCharacterA
CreateConsoleScreenBuffer
lstrlenA
WaitForSingleObject
GetConsoleMode
GetLastError
CreateFileA
ReadConsoleInputA
CloseHandle
FillConsoleOutputAttribute
GetPriorityClass
Beep
GetFileSize
ExitProcess
SetConsoleCursorPosition
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW

msvcrt

qsort
fprintf
_strnicmp
tolower
_snprintf_s
_fileno
strncmp
printf
free
atoi
isspace
isdigit
islower
malloc
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memcpy
isupper
strncpy_s
fclose
_filelength
fopen
toupper
strncat_s
exit
puts
fgets
memset

ntdll

RtlCaptureContext
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

970052eb537cf268b4d3756f05ee86d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 444B

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 4KB - Virtual size: 108B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 444B

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 4KB - Virtual size: 108B