DYSMANTLE[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DYSMANTLE.exe
Size

3.0MB
MD5

31a3a9329fc2f7b40bf6429d82fa849e
SHA1

cde85faaeb12b584829ac2a9446dfeeeec8463aa
SHA256

f893756654842df43d94fe553b8dc9de148cbb5d8ad72eda5f0767eeed4259e8
SHA512

f7cdc5293ac061dd5aab8745fabc300338d77f3260b81e694bb4642708a9f10c40c241bc28e1f610c74a21b268e0e6a1f174b7af00960ddde87dbc0b91855c51
SSDEEP

49152:xKWZighEGzIqUh+sMGdUdI6zjlNZbmp62y0pAIyeOk16lGj157:xlcqqj0d0CeO7kJZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DYSMANTLE.exe

Files

DYSMANTLE.exe
.exe windows:6 windows x64 arch:x64

5325dca86aeffb944098b528e88830d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GlobalAlloc
DeleteFileW
CloseHandle
LoadLibraryW
CreateThread
GetUserGeoID
GetProcAddress
GlobalLock
SetFilePointerEx
LocalFree
DeleteCriticalSection
GetCurrentProcessId
GlobalMemoryStatusEx
FreeLibrary
WideCharToMultiByte
FormatMessageA
CopyFileExW
GlobalUnlock
SetUnhandledExceptionFilter
FlushFileBuffers
ExitProcess
lstrlenA
GetCurrentThread
GetFileAttributesA
OpenMutexA
GetLastError
Sleep
MultiByteToWideChar
RtlCaptureStackBackTrace
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
CreateFileW
LocalAlloc
CreateMutexA
FindClose
GetEnvironmentVariableA
InitializeCriticalSection
GlobalSize
LeaveCriticalSection
GetModuleFileNameW
LoadLibraryExA
RemoveDirectoryW
TerminateProcess
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
WriteConsoleW
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetFileInformationByHandle
SetLastError
GetGeoInfoA
SetThreadDescription
GetFileSizeEx
FindFirstFileW
TryEnterCriticalSection
GetModuleFileNameA
ReadFile
CreateDirectoryW
HeapSize
HeapReAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
QueryPerformanceCounter
QueryPerformanceFrequency
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
FormatMessageW
GetSystemDirectoryA
GetTickCount
VerifyVersionInfoW
SleepEx
MoveFileExA
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CreateFileA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW

user32

RegisterClassExA
SetForegroundWindow
SetCursor
PeekMessageA
EnumDisplaySettingsW
GetDesktopWindow
PostQuitMessage
SetRect
GetWindowLongPtrA
IsClipboardFormatAvailable
UpdateWindow
GetDlgItem
LoadIconA
SetCursorPos
GetCursorPos
SetWindowLongPtrA
ClipCursor
SetClipboardData
AdjustWindowRectEx
GetMessageA
EnumDisplayDevicesA
DispatchMessageA
GetWindowRect
LoadCursorA
DestroyWindow
SetWindowPos
ScreenToClient
EndDialog
GetSystemMetrics
DialogBoxParamA
ShowWindow
OpenClipboard
GetDlgItemTextA
ClientToScreen
CloseClipboard
CallWindowProcA
EmptyClipboard
GetWindowTextA
GetRawInputData
ValidateRect
SetWindowTextA
MapVirtualKeyA
MessageBoxA
EnumDisplaySettingsA
MoveWindow
EnumWindows
DefWindowProcA
CreateWindowExA
SetFocus
RegisterRawInputDevices
TranslateMessage
GetClipboardData
EnumDisplayDevicesW
SetDlgItemTextA
SendMessageA
GetClientRect

gdi32

GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptDestroyKey
SetSecurityDescriptorDacl
SetEntriesInAclA
AllocateAndInitializeSid
GetUserNameA
FreeSid
InitializeSecurityDescriptor
CryptEncrypt
CryptImportKey
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextA

shell32

ShellExecuteA
DragQueryFileA
ShellExecuteW
SHGetFolderPathW
DragAcceptFiles
DragQueryPoint

ole32

CoInitializeEx
CoUninitialize

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

netapi32

Netbios

ntdll

VerSetConditionMask
RtlGetVersion

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

wldap32

ord22
ord45
ord26
ord27
ord200
ord301
ord33
ord41
ord217
ord60
ord143
ord50
ord30
ord35
ord32
ord211
ord79
ord46

crypt32

PFXImportCertStore
CertFreeCertificateContext
CryptStringToBinaryA
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine

ws2_32

__WSAFDIsSet
connect
getsockname
getpeername
bind
sendto
recvfrom
listen
accept
htonl
freeaddrinfo
getaddrinfo
ioctlsocket
gethostname
WSAStartup
WSACleanup
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
send
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
inet_ntop
ntohs
WSASetLastError
WSAGetLastError
closesocket
inet_pton
setsockopt
WSAIoctl
htons
socket
select
recv

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5325dca86aeffb944098b528e88830d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

bcrypt

netapi32

ntdll

winmm

d3d11

dxgi

wldap32

crypt32

ws2_32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 628KB - Virtual size: 627KB

.data Size: 13KB - Virtual size: 883KB

.pdata Size: 87KB - Virtual size: 86KB

_RDATA Size: 145KB - Virtual size: 145KB

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 628KB - Virtual size: 627KB

.data
Size: 13KB - Virtual size: 883KB

.pdata
Size: 87KB - Virtual size: 86KB

_RDATA
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 9KB - Virtual size: 8KB