ApplySettingsTemplateCatalog[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ApplySettingsTemplateCatalog.exe
Size

1.1MB
MD5

90dde506a0e86e03c0a52d80a9d1e36b
SHA1

b7bc7fa9d74b5dcbfaab5f26cb685ff87252244f
SHA256

9b259673b54169971e8807535e9d2965c88ac036a4787b80d27b6aeecf718738
SHA512

bb1a044a8a29411f5f83ab44dc430408de9f9b8370e7ffd77913a13419732d6b0973fe13ac921bb6d7432aa090e340e38a496833857c854226fe27e7e9160076
SSDEEP

24576:+GCn178dMIN9SpWCEX5inUqtHDjCcvXc9fKiFBBB4hlwduhwIcc4EQx:5C1wdVSpzWiUJWw8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ApplySettingsTemplateCatalog.exe

Files

ApplySettingsTemplateCatalog.exe
.exe windows x64

e05e53f99382230b9270fd1bfcf293c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
EventSetInformation
EventRegister
EventWriteTransfer
RegCloseKey
RegDeleteKeyExW
EventUnregister
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegCreateKeyExW
GetTokenInformation
EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
RegSetKeyValueW
RegQueryValueExW
RegDeleteTreeW
RegQueryInfoKeyW

kernel32

GetModuleFileNameW
lstrlenA
LoadLibraryExW
FreeLibrary
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
TlsGetValue
SystemTimeToFileTime
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
AreFileApisANSI
GetCurrentDirectoryW
DeviceIoControl
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileTime
GetFileSize
DeleteFileW
SetEvent
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
WriteFile
CreateEventA
ReadFile
IsDebuggerPresent
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
GetLocalTime
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
ProcessIdToSessionId
LocalUnlock
LocalFree
HeapSetInformation
CloseHandle
GetLastError
FormatMessageW
GetCurrentProcess
LocalLock
GetProcessMitigationPolicy
FormatMessageA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetLocaleInfoW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW

msvcrt

exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
memcpy_s
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memset
localeconv
strcspn
sprintf_s
ldexp
realloc
abort
islower
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
_vsnwprintf
fputc
fflush
fclose
fgetc
fwrite
swprintf_s
_vsnprintf_s
_cexit
setvbuf
ungetc
fsetpos
_fseeki64
ldiv
wcscmp
_wcsicmp
_stricmp
strerror
__uncaught_exception
fseek
_wfsopen
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler3
___lc_handle_func
isupper
__pctype_func
setlocale
_unlock
_lock
_errno
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
_callnewh
malloc
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wtoi
strchr
memmove_s
time
_wcsnicmp
mbstowcs_s
wprintf
??_V@YAXPEAX@Z
_exit
fgetpos
?name@type_info@@QEBAPEBDXZ

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantClear

ole32

OleRun
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromProgID

shell32

SHGetKnownFolderPath

activeds

ord3

Sections

.text
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e05e53f99382230b9270fd1bfcf293c4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

oleaut32

ole32

shell32

activeds

Sections

.text Size: 789KB - Virtual size: 789KB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 28KB - Virtual size: 34KB

.pdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 789KB - Virtual size: 789KB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 28KB - Virtual size: 34KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB