Dism[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dism.exe
Size

287KB
MD5

4df5f1072a21a2ce50a4bc1c2e8ba2de
SHA1

133e3902a6fd1b83a2a362b24ec27a07f04a0b2d
SHA256

2fbff06b431e9b0144bfc689e94257b77f9a8f91f03af4851bd100278415a667
SHA512

7ecb0f33b486a4138b61c1ce4dcbf8b30f4f6d819729955b14fb1b87b6b80d5f46306aaadc25c8a854c6cc776810f2d2b4bf0d1ae03313c69e5c56684b70d9ad
SSDEEP

3072:dr5BWjxg0uMYjLKntkyPmw9JxEDRI5BaPrdpQa5s7Phoua+anr:xvWjxHuMYKtkytbgKDaPrdaa0Pho5r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dism.exe

Files

Dism.exe
.exe windows:6 windows x64

f547ba60f2bf02ab42819507881ac9e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
wcsstr
iswalpha
_wcsnicmp
memcmp
towlower
__CxxFrameHandler3
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
memcpy
realloc
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
__C_specific_handler
memset
wcsrchr
calloc
_errno
__RTDynamicCast
malloc
_purecall
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
_wcsicmp
wcschr
wprintf
memcpy_s
memmove_s
??0exception@@QEAA@XZ
wcscmp

api-ms-win-downlevel-kernel32-l1-1-0

SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
GetProcessHeap
SetConsoleCtrlHandler
GetCurrentProcess
HeapFree
SetErrorMode
SetThreadUILanguage
GetCurrentThreadId
DeleteCriticalSection
RaiseException
CloseHandle
GetCommandLineW
GetStdHandle
HeapAlloc
WriteConsoleW
WideCharToMultiByte
WriteFile
WaitForSingleObject
GetFileType
GetConsoleMode
GetModuleFileNameW
GetLastError
LeaveCriticalSection
SetEvent
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
GetVersionExW
GetModuleHandleW
CompareStringW
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
FindClose
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
DeviceIoControl
FindNextFileW
SetFileAttributesW
GetDriveTypeW
GetTempFileNameW
GetFullPathNameW
OutputDebugStringW
SetUnhandledExceptionFilter
SetFilePointer
CreateDirectoryW
ReadFile
GetFileInformationByHandle

api-ms-win-downlevel-advapi32-l1-1-1

RegOpenKeyExW
RegCloseKey
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
InitializeSid
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTraceEnableFlags
SetSecurityDescriptorOwner
GetTraceLoggerHandle
GetSidLengthRequired
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW
InitiateSystemShutdownExW

api-ms-win-downlevel-ole32-l1-1-1

GetErrorInfo
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
LocalAlloc

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

ntdll

RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

SysFreeString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
SysAllocString

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f547ba60f2bf02ab42819507881ac9e0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-1

api-ms-win-downlevel-advapi32-l4-1-0

api-ms-win-downlevel-ole32-l1-1-1

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-downlevel-user32-l1-1-1

ntdll

oleaut32

api-ms-win-downlevel-version-l1-1-0

Sections

.text Size: 233KB - Virtual size: 233KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 233KB - Virtual size: 233KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 1024B - Virtual size: 688B