ApplySettingsTemplateCatalog[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ApplySettingsTemplateCatalog.exe
Size

1.1MB
MD5

1aa89000cff2ef3a33c110bd0a17e010
SHA1

068cb2a43f0d2ec10a9d6af429eee5d09b6e770d
SHA256

96a3abbd2f6fe4528300e9456006d0b9e00e96872d260b104830167465af7455
SHA512

3e722ca9913004ff9144898e910e8a219e53a499b780896121e023d7be18248252a892ac3f226a51b1ecac32fa93eb9ac7909e82a91b9f0c6f4f7984d3b93b72
SSDEEP

24576:JRyKMq2+uh5ySvwH4OEK/5E4Faat0MwCsDy:qK1DuoH4O5/m4Mat0Mw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ApplySettingsTemplateCatalog.exe

Files

ApplySettingsTemplateCatalog.exe
.exe windows:10 windows x64 arch:x64

6fcd43bb20eae577b31744afb494be3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
EventSetInformation
EventRegister
EventWriteTransfer
RegCloseKey
RegDeleteKeyExW
EventUnregister
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegCreateKeyExW
GetTokenInformation
EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
RegSetKeyValueW
RegQueryValueExW
RegDeleteTreeW
RegQueryInfoKeyW

kernel32

LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
lstrlenA
LoadLibraryExW
FreeLibrary
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsGetValue
SystemTimeToFileTime
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
FormatMessageA
AreFileApisANSI
GetCurrentDirectoryW
DeviceIoControl
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileTime
GetFileSize
DeleteFileW
SetEvent
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
WriteFile
CreateEventA
ReadFile
IsDebuggerPresent
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
GetLocalTime
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
ProcessIdToSessionId
LocalUnlock
LocalFree
HeapSetInformation
CloseHandle
GetLastError
FormatMessageW
GetCurrentProcess
LocalLock
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetLocaleInfoW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError

msvcrt

exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
memcpy_s
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memset
localeconv
strcspn
sprintf_s
ldexp
realloc
abort
islower
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
setlocale
_unlock
_vsnwprintf
fputc
_cexit
fclose
fgetc
fwrite
swprintf_s
_vsnprintf_s
fgetpos
setvbuf
wcscmp
fsetpos
_fseeki64
?name@type_info@@QEBAPEBDXZ
_wcsicmp
_stricmp
strerror
__uncaught_exception
fseek
_wfsopen
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler4
_lock
_errno
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
_callnewh
malloc
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wtoi
strchr
time
_wcsnicmp
mbstowcs_s
wprintf
??_V@YAXPEAX@Z
_exit
fflush
ungetc

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantClear

ole32

OleRun
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromProgID

shell32

SHGetKnownFolderPath

activeds

ord3

Sections

.text
Size: 816KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fcd43bb20eae577b31744afb494be3e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

oleaut32

ole32

shell32

activeds

Sections

.text Size: 816KB - Virtual size: 813KB

.rdata Size: 200KB - Virtual size: 197KB

.data Size: 28KB - Virtual size: 33KB

.pdata Size: 32KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 816KB - Virtual size: 813KB

.rdata
Size: 200KB - Virtual size: 197KB

.data
Size: 28KB - Virtual size: 33KB

.pdata
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB