Dism[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dism.exe
Size

184KB
MD5

2aa8479f5a2e6615349a7c608136eb00
SHA1

d0c80799a249429746bfac43fb71e8ef24089da6
SHA256

cfad9419ac9f96b31d2d27addfde6c34f5c2746c714ce502770d3ec7076028a3
SHA512

4ed1b758d6ca286aa6b3b49d1953b6f293d79492f2a122a80b55dd9c7786e4795fd9cb24bc3c1722cab9180003636f84cbefb1ddc041b22958eee5f03283017b
SSDEEP

3072:p75GF5vcLONvxGijbHpIgWn38V11XGnwo6DtyaPpXEfhoOa3Qnr:1AF50LOV0i/WsH1XaETpXEfho0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dism.exe

Files

Dism.exe
.exe windows x86

0cf6d55b4df1e59affb77994838d2fc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_unlock
_lock
??1type_info@@UAE@XZ
wcsstr
_wcsnicmp
?terminate@@YAXXZ
__dllonexit
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_onexit
__CxxFrameHandler3
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
_errno
realloc
_except_handler4_common
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_controlfp
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
memcpy_s
_initterm
memcmp
_ftol2
__RTDynamicCast
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
SetThreadUILanguage
LoadResource
FindResourceExW
Sleep
SetConsoleCtrlHandler
CloseHandle
GetCurrentProcess
LockResource
GetLastError
LeaveCriticalSection
SetEvent
DeleteCriticalSection
RaiseException
EnterCriticalSection
SetErrorMode
CompareStringW
InitializeCriticalSection
GetStdHandle
HeapAlloc
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetModuleFileNameW
GetProcAddress
GetVersionExW
GetModuleHandleW
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetTempFileNameW
GetFullPathNameW
ReadFile
SetFilePointer

api-ms-win-downlevel-advapi32-l1-1-1

GetLengthSid
IsValidSecurityDescriptor
GetAclInformation
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
InitializeAcl
RegOpenKeyExW
IsValidSid
GetTraceEnableFlags
CopySid
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-downlevel-advapi32-l4-1-0

InitiateSystemShutdownExW
LookupPrivilegeValueW

api-ms-win-downlevel-ole32-l1-1-1

CoInitializeEx
GetErrorInfo
CoInitializeSecurity
CoCreateInstance
CoUninitialize

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
LocalAlloc

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

oleaut32

SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
VariantClear

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlNtStatusToDosError
RtlGetVersion
RtlAllocateHeap
RtlFreeHeap

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cf6d55b4df1e59affb77994838d2fc6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-1

api-ms-win-downlevel-advapi32-l4-1-0

api-ms-win-downlevel-ole32-l1-1-1

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-downlevel-user32-l1-1-1

oleaut32

api-ms-win-downlevel-version-l1-1-0

ntdll

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 14KB - Virtual size: 14KB