Dism++x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Dism++x64.exe
Size

1.0MB
MD5

a1a058ff98dc1f9320195b398aa06167
SHA1

d974136e6dc4b1726b50a770ec8d6f0f4fc859a7
SHA256

16bbdb339173d25b4332b377da96e80809aabfe6739cf35d5e70484f08cfdc42
SHA512

8517354f8579905a5ff1b581aee79ac4632d83bf1672490b653caf5807e902745ae1df109083ea895ac63f0a106786390d5e769a220dc21af8f8a7a9585dddc8
SSDEEP

12288:KU4qFPGYdX6h867AoanHh8HcMcv1mFwPxEeGzAS3pQYQYa8I1HwJVKC2+RQ:KRqFLqaB88F8SYzAS3dQYa8I1HGbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dism++x64.exe

Files

Dism++x64.exe
.exe windows:6 windows x64 arch:x64

d1e008c8cf1935eb6666ee1a9be8a2a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Dism++x64.pdb

Imports

kernel32

HeapReAlloc
HeapFree
InitOnceExecuteOnce
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
IsWow64Process
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetCurrentThreadId
HeapDestroy
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
VerifyVersionInfoW
VerSetConditionMask
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileSectionW
GetFileAttributesW
DeviceIoControl
GetVolumePathNameW
GetVolumeInformationByHandleW
GetModuleFileNameW
GetEnvironmentVariableW
UnmapViewOfFile
MoveFileExW
DeleteFileW
GetNativeSystemInfo
GlobalMemoryStatusEx
GetUserDefaultLCID
LCIDToLocaleName
GetThreadLocale
GetLocaleInfoEx
CreateProcessW
GetWindowsDirectoryW
FindClose
FindFirstFileW
FindNextFileW
IsValidLocaleName
MoveFileW
CreateDirectoryW
GetVolumeInformationW
SetVolumeLabelW
RemoveDirectoryW
DeleteCriticalSection
GetTickCount
CreateFileMappingW
MapViewOfFile
LocalFree
GetCurrentProcess
ReadFile
WriteFile
SetFilePointer
GetTempPathA
GetTempFileNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpyA
lstrcpynA
ReleaseMutex
HeapAlloc
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
VirtualFreeEx
VirtualAllocEx
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableW
GetVolumeNameForVolumeMountPointW
CreateMutexW
GetFullPathNameW
lstrcmpiA
CopyFileW
GetFileSize
GetLocaleInfoW
GetExitCodeProcess
WideCharToMultiByte
lstrcmpA
SystemTimeToFileTime
GetExitCodeThread
EnumUILanguagesW
CopyFileExW
FreeResource
SetThreadUILanguage
SetThreadLocale
LocaleNameToLCID
OpenProcess
DecodePointer
VirtualProtect
GetDiskFreeSpaceExW
GetCurrentProcessId
VirtualQuery
GetProcessId
GetSystemTime
LoadLibraryW
FormatMessageW
GetLongPathNameW
GetTempPathW
MultiByteToWideChar
GetDriveTypeW
SetFileAttributesW
ProcessIdToSessionId
GetShortPathNameW
GetLocalTime
GetStartupInfoW
WritePrivateProfileStringW
GetModuleHandleExW
GetDiskFreeSpaceW
GetPrivateProfileSectionW
GetVersionExW
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
MulDiv
GetTickCount64
TerminateThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GlobalAlloc
GlobalLock
GlobalUnlock
CreateIoCompletionPort
ExitProcess
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
ReleaseSRWLockShared
CreateFileW
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
AreFileApisANSI
RtlUnwindEx

comctl32

ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ord345
InitCommonControlsEx
_TrackMouseEvent

ntdll

ZwClose
NtCreateFile
NtQueryVolumeInformationFile
RtlGetLastNtStatus
LdrVerifyImageMatchesChecksum
NtShutdownSystem
NtReadFile
NtQueryInformationFile
RtlComputeCrc32
NtSetInformationFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtClose
ZwQueryDirectoryFile
NtOpenFile
NtReadVirtualMemory
NtDeleteKey
NtQuerySystemInformation
ZwAddBootEntry
ZwSetBootEntryOrder
NtTranslateFilePath
ZwEnumerateBootEntries
ZwQueryBootEntryOrder
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageNtHeader
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
NtWriteFile
ZwQuerySymbolicLinkObject
RtlImageRvaToVa
NtWriteVirtualMemory
NtQueryInformationProcess

msvcrt

??8type_info@@QEBAHAEBV0@@Z
memset
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
wcsnlen
memcpy
_errno
wcstoul
wcsncpy_s
wcslen
memmove
memcmp
_wcsnicmp
wcschr
towupper
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
wcsftime
_localtime64_s
_time64
_wcstoui64
_wcsicmp
_beginthreadex
_wcslwr_s
bsearch
free
malloc
strlen
strnlen
_mktime64
wcscpy
wcstol
_strtoui64
realloc
strcmp
strtoul
strtol
_wtoi
isdigit
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_wcsupr_s
wcsrchr
wcsstr
_mbschr
_mbslwr_s
iswspace
wcscmp
wcscpy_s
_mbscmp
__C_specific_handler
calloc
abs
toupper
wcsncpy
_itow
wcstod
wcscat
_strcmpi
qsort_s
_lrotl
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
__CxxFrameHandler3
__setusermatherr
_initterm
_initterm_e
_set_fmode
_amsg_exit
__wgetmainargs
_strlwr
__DestructExceptionObject
_invalid_parameter
_msize
__set_app_type
_wcmdln
abort
_commode
_XcptFilter
?terminate@@YAXXZ
vswprintf_s
_vscwprintf
swscanf
sscanf
vsprintf_s
_vscprintf
swprintf_s

Exports

Exports

BcdGetCurrentEntryIdentifier
BcdGetFirmwareBootDevice
BcdGetFirmwareType
BcdGetSystemPartition
BcdIsWinPEBoot
BcdOpenStore
DismAddDriver
DismAddPackage
DismAppAssociationsDefaultExport
DismAppAssociationsDefaultImport
DismAppAssociationsDefaultRemove
DismAppAssociationsExport
DismAppAssociationsImport
DismAppAssociationsRemove
DismApplyDPI
DismApplyImage
DismAppxsCleanup
DismCaptureImage
DismCommitImage
DismCompactOs
DismComponentCleanup
DismCreateInterface
DismDeleteImage
DismDriverCleanup
DismExpandEnvironmentStrings
DismExportImage
DismFormatMessage
DismFreeMemory
DismGetAllUsersAppx
DismGetCapabilities
DismGetDrivers
DismGetFeatures
DismGetFileFilter
DismGetImageFileInfo
DismGetMountedImages
DismGetPackages
DismGetProvisionedAppxs
DismGetScratchDir
DismGetServices
DismGetSystemInfoByPath
DismGetSystemInfoBySession
DismHardLinkMerge
DismIsNoviceMode
DismMountImage
DismMultiLanguage
DismRegOpenKey
DismRegOpenKeyEx
DismRemoveAppx
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppx
DismRemoveService
DismRestoreHealth
DismScanHealth
DismSetBootImage
DismSetImageFileInfo
DismSetServiceStart
DismUnmountImage
DismWriteLog
IbsSetFirstBootCommandLine
WinREConfig2

Sections

.text
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1e008c8cf1935eb6666ee1a9be8a2a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 775KB - Virtual size: 774KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 46KB - Virtual size: 45KB

.text
Size: 775KB - Virtual size: 774KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 46KB - Virtual size: 45KB