Dism[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dism.exe
Size

222KB
MD5

bb80f38ca9cf8223a52963895201eff0
SHA1

4cc8c64f9cd93ca1c1c5cd93e94711fec4ec1a08
SHA256

1ed94ad45c296cec81bfe9b48da467e6ec6e21a6c5a21a2ff3e398146f7d48a9
SHA512

d2dff3e40a81f14f843803e7200703031b1afe38018d70d6078fd5664275cea46aa4ade37c3ffd602aadac707e2bda167f3210cdf905a42adb5b4866ee31f146
SSDEEP

3072:i75uF5WefCmKWgjJv2xM1D0O0ryf0J8qOzr+4KiWtuo0aWXnr149BZ:2wF5nKi3CD0TyfW8qiKuWtuomryjZ

Score

1^/10

Malware Config

Signatures

Files

Dism.exe
.exe windows x86

bba5fa3ad9393573f80b611c29fb1405

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:62:43:d1:ef:60:14:d7:73:fd:2e:07:85:20:cf:64:30:b2:d7:cc:81:27:06:1a:86:67:53:24:70:ca:f3:18
Signer

Actual PE Digest

8d:62:43:d1:ef:60:14:d7:73:fd:2e:07:85:20:cf:64:30:b2:d7:cc:81:27:06:1a:86:67:53:24:70:ca:f3:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
wcsstr
iswalpha
_wcsnicmp
towlower
memcpy_s
__dllonexit
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
realloc
_amsg_exit
_controlfp
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
_onexit
__CxxFrameHandler3
__setusermatherr
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcsicmp
_except_handler4_common
_wcslwr_s
wcschr
wprintf
memmove_s
_errno
memcmp
_ftol2
__RTDynamicCast
memcpy

api-ms-win-downlevel-advapi32-l1-1-1

EventRegister
IsValidSecurityDescriptor
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
GetLengthSid
EventWriteTransfer
EventActivityIdControl
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
GetAclInformation
RegOpenKeyExW
InitializeSid
RegisterTraceGuidsW
GetTraceEnableLevel
GetSidSubAuthority
GetTraceEnableFlags
GetTraceLoggerHandle
IsValidSid
CopySid
EventUnregister
UnregisterTraceGuids

api-ms-win-downlevel-kernel32-l1-1-0

SetConsoleCtrlHandler
GetLastError
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SetErrorMode
LockResource
LoadResource
FindResourceExW
Sleep
SetThreadUILanguage
LeaveCriticalSection
SetEvent
SizeofResource
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetCurrentThreadId
FreeLibrary
CompareStringW
SetFilePointer
GetStdHandle
HeapAlloc
WriteConsoleW
ReadFile
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetVersionExW
CloseHandle
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DeviceIoControl
SetFileAttributesW
CopyFileExW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetDriveTypeW
GetCurrentProcess
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
FindClose
GetFileInformationByHandle
FindFirstFileW
FindNextFileW

api-ms-win-downlevel-advapi32-l4-1-0

InitiateSystemShutdownExW
LookupPrivilegeValueW

api-ms-win-downlevel-ole32-l1-1-1

GetErrorInfo
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
LocalAlloc

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

oleaut32

SysFreeString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
SysAllocString

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

ntdll

RtlNtStatusToDosError
RtlGetVersion
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba5fa3ad9393573f80b611c29fb1405

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8d:62:43:d1:ef:60:14:d7:73:fd:2e:07:85:20:cf:64:30:b2:d7:cc:81:27:06:1a:86:67:53:24:70:ca:f3:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-downlevel-advapi32-l1-1-1

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-advapi32-l4-1-0

api-ms-win-downlevel-ole32-l1-1-1

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-downlevel-user32-l1-1-1

oleaut32

api-ms-win-downlevel-version-l1-1-0

ntdll

Sections

.text Size: 160KB - Virtual size: 159KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 11KB - Virtual size: 10KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8d:62:43:d1:ef:60:14:d7:73:fd:2e:07:85:20:cf:64:30:b2:d7:cc:81:27:06:1a:86:67:53:24:70:ca:f3:18
Signer

.text
Size: 160KB - Virtual size: 159KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 11KB - Virtual size: 10KB