CheckNetIsolation[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CheckNetIsolation.exe
Size

27KB
MD5

4d7db9c2dced9c634b8c27b87926f0fc
SHA1

70dbb48fbd283c608d99863cd4a589b69c5c304f
SHA256

a36892e480544b78981c04b26dd144f2c8db1430caa1b31a112ae6045b4e77a0
SHA512

5b9bb66712b9fdb7fa6f816b23d9b5ad5eb120acb191471f2b46a33607f2223cfcf946e169f787343fce570fb10db6bbb47d9915431b4a7dabbf8034cf67fc96
SSDEEP

768:5ao5bItbKbR7Ua2bxC11c40QLVMTlY97p:5aMbnR49qm4ZUlY97p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CheckNetIsolation.exe

Files

CheckNetIsolation.exe
.exe windows:6 windows x64

02f81a92654965be5000fd0a530636b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertSidToStringSidW
ConvertStringSidToSidW

kernel32

Sleep
ResolveDelayLoadedAPI
DelayLoadFailureHook
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LocalFree
lstrcmpiW
GetConsoleOutputCP
SetEvent
CreateEventW
SetConsoleCtrlHandler
WaitForSingleObjectEx
CloseHandle
GetModuleHandleW

msvcrt

wprintf
towupper
swprintf_s
_wsetlocale
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memcpy
_cexit
memmove
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIsParentOfChildAppContainer
RtlFreeSid
RtlEqualSid
EtwTraceMessage

ws2_32

htonl

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

fwpuclnt

FwpmEngineClose0
FwpmEngineSetOption0
FwpmNetEventUnsubscribe0
FwpmEngineOpen0
FwpmFreeMemory0
FwpmNetEventSubscribe1
FwpmEngineGetOption0

firewallapi

FwAlloc
IsAddressesEmpty
FwEmptyWFAddresses
NetworkIsolationEnumAppContainers
FwSidAndAttributesFree
NetworkIsolationSetAppContainerConfig
NetworkIsolationGetAppContainerConfig
FwSidCopy
FwFree

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02f81a92654965be5000fd0a530636b9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

fwpuclnt

firewallapi

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 792B

.idata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 792B

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 80B