dcpromo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcpromo.exe
Size

220KB
MD5

6013ee887bef7b640705c2ffe8af3916
SHA1

f78cad19f1e4ea67570e58c4af9de60433720241
SHA256

008fa2b9697f9a173e40572face100410e51975e34a5cef2be08dfa8e04ed3c0
SHA512

61cca407a0749e904df0116905a8a1cfd59bb24368134003350a3f33d41447960fb438f8047c089d96dde6dd1abf1be0b4bc3b60eb3a53ce0e6aaf84c6266d89
SSDEEP

3072:fK8SUAf7wvvwc1rMo1Nm6pvMIoY+egFpIrl0Ivz8JDiO8np6awjhIrvD:8fcHwy3y6pk2+eghIvz8XZaghY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcpromo.exe

Files

dcpromo.exe
.exe windows:6 windows x64

3f696a00386b5a7034577b77ac9168a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetExitCodeProcess
CreateProcessW
CreateMutexW
WaitForSingleObject
ExpandEnvironmentStringsA
LoadLibraryExW
CompareStringW
LocalFree
FormatMessageW
MultiByteToWideChar
lstrlenA
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
TlsSetValue
TlsGetValue
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
TlsAlloc
InitializeCriticalSection
MoveFileW
GetFileAttributesW
SetFilePointerEx
CreateFileW
WriteFile
FindClose
FindNextFileW
FindFirstFileW
TlsFree
DeleteCriticalSection
OutputDebugStringW
SetWaitableTimer
CreateWaitableTimerW
SetErrorMode
LoadLibraryExA
HeapAlloc
HeapFree
GetProcessHeap
LocalAlloc
SetThreadPreferredUILanguages
GetConsoleOutputCP
FindActCtxSectionStringW
OutputDebugStringA
IsWow64Process
GetProcAddress
SetLastError
GetLastError
FreeLibrary
GetStdHandle
DeactivateActCtx
GetModuleFileNameW
SetConsoleMode
GetConsoleMode
LoadLibraryW
ActivateActCtx
CreateActCtxW
QueryActCtxW
ReadConsoleW
GetModuleHandleExW
GetCurrentProcess
RaiseException
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter
TerminateProcess
DeleteFileW
CloseHandle

msvcrt

strchr
memcpy
memset
strcmp
_vsnwprintf
_errno
_beginthreadex
_beginthread
wcstol
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
__CxxFrameHandler3
_CxxThrowException
_stricmp
_wsetlocale
swprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memmove_s
_wcsicmp
_purecall
wprintf
wcscmp

netapi32

NetpwPathType
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

ole32

CoCreateInstance
CoGetMalloc
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f696a00386b5a7034577b77ac9168a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

netapi32

ole32

ntdll

api-ms-win-core-sysinfo-l1-2-1

advapi32

Sections

.text Size: 177KB - Virtual size: 176KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 177KB - Virtual size: 176KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 1KB - Virtual size: 1KB