DismHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DismHost.exe
Size

117KB
MD5

7e7bcca378567babee3195f9ccc5bf1b
SHA1

b28119e1b451fbd77862b6b06667eee96f8a237c
SHA256

864a4b835baa66b728a36c831c6ab25d798b8371cfe81d28c4321a3b4401f28f
SHA512

e0cc465b53be02039e9e4f65bb86808127457a800c2f1cfb6a47786cf47c9ad44258d334e4e2e277c68aa2c51409d24ef8e8c543630bea4b0f4710eff8383407
SSDEEP

3072:mpwa+p5StS5sDQtRTOQGlRFwwVrkcvqbu:S+p5SRq5ORdVrknu

Score

1^/10

Malware Config

Signatures

Files

DismHost.exe
.exe windows:10 windows x86

b7edeac46de1269b3a38297d98151730

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:13

Not After

03/08/2017, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:54:f3:b0:66:5c:48:51:38:cb:64:b5:12:a3:61:20:3a:29:df:a5:d3:e6:e0:fd:5f:4b:49:d4:f5:49:a9:b2
Signer

Actual PE Digest

69:54:f3:b0:66:5c:48:51:38:cb:64:b5:12:a3:61:20:3a:29:df:a5:d3:e6:e0:fd:5f:4b:49:d4:f5:49:a9:b2

Digest Algorithm

sha256

PE Digest Matches

true

93:27:a6:aa:52:32:21:bb:87:c1:d3:7e:30:76:73:89:8a:a1:e8:6f
Signer

Actual PE Digest

93:27:a6:aa:52:32:21:bb:87:c1:d3:7e:30:76:73:89:8a:a1:e8:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_wtoi
_wcsnicmp
towlower
wcschr
_vsnwprintf
_vscprintf
vsprintf_s
vswprintf_s
_vscwprintf
swscanf_s
_except_handler4_common
_controlfp
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_acmdln
_initterm
free
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset
_wcsicmp
wcscpy_s
_beginthreadex
_vsnprintf
wcsstr
strrchr
iswctype
wcsrchr
calloc
memmove_s
malloc
feof
memcpy_s
fgetws
_wfopen
wcstok_s
__setusermatherr
fclose
memcmp
_purecall
memcpy

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateMutexW
InitializeCriticalSection
WaitForMultipleObjectsEx
OpenEventW
CreateEventExW
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CoRegisterClassObject
CLSIDFromString
CoCreateInstance
CoInitializeSecurity
CoRegisterPSClsid
CoRevokeClassObject

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetAclInformation
MakeAbsoluteSD
InitializeAcl
GetSecurityDescriptorControl
FreeSid
GetSecurityDescriptorGroup
AddAccessAllowedAce
AllocateAndInitializeSid
EqualSid
CheckTokenMembership
GetLengthSid
CopySid
IsValidSid
AddAce
GetTokenInformation
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSecurityDescriptor

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
SearchPathW
GetCommandLineW

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA
SetThreadUILanguage

api-ms-win-core-processthreads-l1-1-0

TlsFree
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
TlsGetValue
GetCurrentThread
TlsSetValue
TlsAlloc
ExitProcess
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
LoadResource
FindResourceExW
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleA

api-ms-win-core-stringloader-l1-1-1

LoadStringW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetWindowsDirectoryW
GetLocalTime
GetSystemWindowsDirectoryW

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA
GetStartupInfoA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo
SysAllocStringLen

api-ms-win-core-file-l1-1-0

WriteFile
DeleteFileA
GetFileSizeEx
GetFileAttributesW
FlushFileBuffers
DeleteFileW
CreateFileA
GetTempFileNameW
SetFilePointer
GetFileSize
CreateFileW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualQuery

api-ms-win-core-io-l1-1-0

DeviceIoControl

ntdll

RtlGetVersion
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7edeac46de1269b3a38297d98151730

Code Sign

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:acCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:efCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

69:54:f3:b0:66:5c:48:51:38:cb:64:b5:12:a3:61:20:3a:29:df:a5:d3:e6:e0:fd:5f:4b:49:d4:f5:49:a9:b2Signer

93:27:a6:aa:52:32:21:bb:87:c1:d3:7e:30:76:73:89:8a:a1:e8:6fSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-stringloader-l1-1-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

oleaut32

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-io-l1-1-0

ntdll

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:ac
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

69:54:f3:b0:66:5c:48:51:38:cb:64:b5:12:a3:61:20:3a:29:df:a5:d3:e6:e0:fd:5f:4b:49:d4:f5:49:a9:b2
Signer

93:27:a6:aa:52:32:21:bb:87:c1:d3:7e:30:76:73:89:8a:a1:e8:6f
Signer

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB