Dism[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dism.exe
Size

207KB
MD5

b6a37c8c64dc87031293357f06da1a7f
SHA1

a06147b003a4f8530944a77164499a82563b7a75
SHA256

c0551cbb37772545f50b00bde96b83d16f35ef146cf44cea124beda934d53300
SHA512

9927d9cd1827e1939548ab6a5e812a8a8063ea3550880ff7f14e96e94acf3fba5fe5c20f8fdb358b1a4eed6ea5c41f0030e6d966d306907c6b0cc94fd0208ed5
SSDEEP

6144:uqF5Zd6KaPKJxphyQtQVlmMMWfhovr2V:FGCFMu1Mho6V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dism.exe

Files

Dism.exe
.exe windows x86

c32889e572eef3a734161be8e976fe00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_unlock
_lock
??1type_info@@UAE@XZ
wcsstr
iswalpha
_wcsnicmp
towlower
__dllonexit
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_onexit
__CxxFrameHandler3
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
_errno
realloc
_except_handler4_common
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_controlfp
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
memcpy_s
?terminate@@YAXXZ
memcmp
_ftol2
__RTDynamicCast
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
SetThreadUILanguage
LoadResource
FindResourceExW
Sleep
SetConsoleCtrlHandler
CloseHandle
GetCurrentProcess
LockResource
GetLastError
LeaveCriticalSection
SetEvent
DeleteCriticalSection
RaiseException
EnterCriticalSection
SetErrorMode
CompareStringW
InitializeCriticalSection
GetStdHandle
HeapAlloc
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetModuleFileNameW
GetProcAddress
GetVersionExW
GetModuleHandleW
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
FindClose
DeviceIoControl
FindNextFileW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
SetFileAttributesW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
SetFilePointer

api-ms-win-downlevel-advapi32-l1-1-1

GetLengthSid
IsValidSecurityDescriptor
GetAclInformation
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
InitializeAcl
RegOpenKeyExW
IsValidSid
GetTraceEnableFlags
CopySid
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-downlevel-advapi32-l4-1-0

InitiateSystemShutdownExW
LookupPrivilegeValueW

api-ms-win-downlevel-ole32-l1-1-1

GetErrorInfo
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
LocalAlloc

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

oleaut32

SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
VariantClear

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlNtStatusToDosError
RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c32889e572eef3a734161be8e976fe00

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-1

api-ms-win-downlevel-advapi32-l4-1-0

api-ms-win-downlevel-ole32-l1-1-1

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-downlevel-user32-l1-1-1

oleaut32

api-ms-win-downlevel-version-l1-1-0

ntdll

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 15KB - Virtual size: 15KB