DismHost[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

DismHost.zip
Size

65KB
MD5

18ad2ceed958ecf22c33ab8eabd2260b
SHA1

304b2282215b4df76db1d0796112930f302c3ae6
SHA256

db07333568f6c5ed1c0c2b2f03a90e37781aca9f1e693696b7af94b9bbff9ab4
SHA512

40c6b8d9251e1c42dd486e9ba25213f27b1d0942d9173b11ee746452563f5958cd26c650f698cbb17eae9a2efed7d2b774af21ba06acaf70b2a7dcdd4de9a3d8
SSDEEP

1536:5VtLiUJinzp3jxAZhuXlzuPPR67A3t33dgAieh9wvSU:H4NzpxAvQzuHqIt3352KU

Score

1^/10

Malware Config

Signatures

Files

DismHost.zip
.zip
DismHost.exe
.exe windows:10 windows x64 arch:x64

1b31d5bf56f31446dc3caf847a3d3456

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24
Signer

Actual PE Digest

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
wcscpy_s
_beginthreadex
wcsstr
wcsrchr
__C_specific_handler
calloc
memmove_s
malloc
memcpy_s
_purecall
free
fgetws
_wfopen
wcstok_s
fclose
iswctype
toupper
strrchr
_vsnprintf
??1exception@@UEAA@XZ
__getmainargs
?what@exception@@UEBAPEBDXZ
exit
_exit
_cexit
__CxxFrameHandler3
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_wtoi
towlower
wcschr
_wcsnicmp
_vsnwprintf
_vscprintf
vsprintf_s
vswprintf_s
_vscwprintf
swscanf_s
_callnewh
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
_XcptFilter
_amsg_exit
__set_app_type
_lock
_unlock
__dllonexit
_onexit
feof
memmove
memcpy
memcmp
memset

advapi32

RegOpenKeyExW
EventWriteTransfer
EventRegister
EventProviderEnabled
EventUnregister
EqualSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl

kernel32

SetLastError
GetCurrentThread
GetLastError
CreateEventExW
CloseHandle
WaitForSingleObjectEx
SetErrorMode
GetCommandLineW
InitializeCriticalSection
SetThreadUILanguage
SetEvent
EnterCriticalSection
LeaveCriticalSection
OpenEventW
WaitForMultipleObjectsEx
ExitProcess
DeleteCriticalSection
OutputDebugStringW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetModuleHandleW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
TlsSetValue
TlsAlloc
DeviceIoControl
FreeLibrary
FlushFileBuffers
IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
DebugBreak
CreateFileMappingA
DeleteFileW
DeleteFileA
CreateFileA
GetVersion
ReleaseMutex
CreateMutexA
CreateMutexW
SetFilePointer
WriteFile
GetModuleFileNameA
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
GetFileSize
GetLocalTime
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
CreateFileW
FormatMessageW
FindResourceExW
LoadResource
LocalFree
LoadLibraryExW
GetProcAddress
GetTempFileNameW
WaitForSingleObject
GetModuleHandleExW
SearchPathW

ole32

CoRevokeClassObject
CoCreateInstance
CLSIDFromString
CoRegisterClassObject
CoTaskMemFree
ProgIDFromCLSID
CoUninitialize
CoRegisterPSClsid
CoInitializeEx
CoInitializeSecurity

user32

LoadStringW

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlGetVersion
RtlNtStatusToDosError

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b31d5bf56f31446dc3caf847a3d3456

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

ntdll

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 468B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

76:24:ff:3d:79:1a:d2:2d:1d:3f:8a:48:49:6b:1d:b1:1d:d8:37:c7:64:86:e1:52:b6:46:04:c0:02:ae:3f:24
Signer

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 468B