ApplySettingsTemplateCatalog[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ApplySettingsTemplateCatalog.exe
Size

1.1MB
MD5

f06e90419488ca0310c55681a6e81738
SHA1

a94e94d96e9bb006492b85c238cdaa93e2585774
SHA256

66d8bc3f6f0b5c57eeddcf3c9df701100613423b15e6a06d0f35cc7e002337ca
SHA512

a2800b0dbb86baf4413702b3e6ab4857f9c86460ec814dd2a8d7cff952d1176385482769391e70aa2d49258f3982ff4da14801e1a409221964279ef74844fa4c
SSDEEP

24576:E6lP3kQsKv5FSZw9BBb5zqfjv1NETP0LrMPrJ9f9Jcsq/nG6zaQVE9yMU1:E65xsc4wHBN+f71ZE97

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ApplySettingsTemplateCatalog.exe

Files

ApplySettingsTemplateCatalog.exe
.exe windows x64

1575278b212aeb557747c4f050f7dd68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
EventSetInformation
EventRegister
EventWriteTransfer
RegDeleteKeyExW
RegEnumKeyExW
EventUnregister
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
GetTokenInformation
EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
RegEnumValueW
RegQueryValueExW
RegSetKeyValueW
RegDeleteTreeW

kernel32

LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
lstrlenA
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsGetValue
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
GetCurrentDirectoryW
DeviceIoControl
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileTime
SystemTimeToFileTime
GetFileSize
DeleteFileW
SetEvent
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
WriteFile
CreateEventA
ReadFile
IsDebuggerPresent
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
GetLocalTime
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
ProcessIdToSessionId
LocalUnlock
LocalFree
HeapSetInformation
CloseHandle
GetLastError
FormatMessageW
GetCurrentProcess
LocalLock
FreeLibrary
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetLocaleInfoW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA

msvcrt

exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
memcpy_s
_free_locale
_get_current_locale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
localeconv
strcspn
sprintf_s
ldexp
realloc
abort
islower
memset
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
setlocale
_unlock
_lock
_errno
_cexit
fputc
fflush
fclose
fgetc
fwrite
swprintf_s
_vsnprintf_s
wcscmp
setvbuf
ungetc
fsetpos
_fseeki64
_wcsicmp
ldiv
?name@type_info@@QEBAPEBDXZ
_stricmp
strerror
__uncaught_exception
fseek
_wfsopen
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler3
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
_callnewh
malloc
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wtoi
strchr
time
_wcsnicmp
mbstowcs_s
wprintf
??_V@YAXPEAX@Z
_exit
_vsnwprintf
fgetpos

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantClear

ole32

OleRun
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromProgID

shell32

SHGetKnownFolderPath

activeds

ord3

Sections

.text
Size: 765KB - Virtual size: 765KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1575278b212aeb557747c4f050f7dd68

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

oleaut32

ole32

shell32

activeds

Sections

.text Size: 765KB - Virtual size: 765KB

.rdata Size: 272KB - Virtual size: 272KB

.data Size: 28KB - Virtual size: 35KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 765KB - Virtual size: 765KB

.rdata
Size: 272KB - Virtual size: 272KB

.data
Size: 28KB - Virtual size: 35KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB