Dism[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dism.exe
Size

286KB
MD5

f0eff25394a958f21190de12948ec41d
SHA1

f80f566771b81bd420cf76b68a811dea8e8d2834
SHA256

3d2a664c2bda9d6c7820934ad9bdb1225a9f78cb1a958d9344693175157d673c
SHA512

61fdd6dfba6053c247ce657af3b10f7bc87728027b6658faf6c272b142217032037da18a940bc67c4b2f7e386153c665a686540e9315aeefcabc6a4b5e9314c1
SSDEEP

3072:JqYCgHianhb6snlyFX3uS4pcbgYdZy+uqnr5RWvnBO91byqgdff+L95MRJoVrqk:jZ7n6b6cbgwy+3rvWu1bPgdff+L9k4rl

Score

1^/10

Malware Config

Signatures

Files

Dism.exe
.exe windows x64

7c692d2000e42b0d973739316249b6ae

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:d7:af:3d:48:10:4b:15:b0:69:c8:45:42:f3:99:19:30:ba:a2:21:60:4c:7c:e5:79:46:9e:ef:a0:3d:ee:4d
Signer

Actual PE Digest

2a:d7:af:3d:48:10:4b:15:b0:69:c8:45:42:f3:99:19:30:ba:a2:21:60:4c:7c:e5:79:46:9e:ef:a0:3d:ee:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

wcsstr
wcsncmp
_wcsnicmp
iswalpha
??0exception@@QEAA@XZ
towlower
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
wcsrchr
calloc
malloc
_purecall
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcsicmp
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
__C_specific_handler
_onexit
_errno
realloc
memset
__CxxFrameHandler3
memcpy
memcmp
__RTDynamicCast
wcscmp

advapi32

RegisterTraceGuidsW
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
UnregisterTraceGuids
InitiateSystemShutdownExW
OpenProcessToken
LookupPrivilegeValueW
TraceEvent

kernel32

WaitForSingleObject
ReadFile
SetFilePointer
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DeviceIoControl
SetFileAttributesW
CopyFileExW
GetFinalPathNameByHandleW
GetDriveTypeW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance

user32

CharLowerBuffW

oleaut32

SysStringByteLen
GetErrorInfo
SysAllocStringByteLen
LoadTypeLi
VarBstrCmp
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlGetVersion
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c692d2000e42b0d973739316249b6ae

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2a:d7:af:3d:48:10:4b:15:b0:69:c8:45:42:f3:99:19:30:ba:a2:21:60:4c:7c:e5:79:46:9e:ef:a0:3d:ee:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

version

ntdll

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 1024B - Virtual size: 656B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2a:d7:af:3d:48:10:4b:15:b0:69:c8:45:42:f3:99:19:30:ba:a2:21:60:4c:7c:e5:79:46:9e:ef:a0:3d:ee:4d
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 1024B - Virtual size: 656B