clokspl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clokspl.exe
Size

173KB
MD5

110970ec8701d771e5e5f2e006444933
SHA1

766ec536a10e68513138d1183705f5f19b9b8091
SHA256

460e7d7b6eec0cb6d8a807d7810da6c2bd3e9e12688a3245c55b9927cbcc5207
SHA512

190ffd84c1a85ff17a637eaf2fe808c1bbf8f2af50145e03e1d77b20875319b66666cf3c972ae432615fb549374f7df2b4ea33bbe602bebd869761512390d4cd
SSDEEP

3072:7NktzETbpWuR5sGUT9UmLk+ormMx+vSZpD51FvkkDFNNgy2X:xm8pZRcUsoK2YSZpD5XVJNv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clokspl.exe

Files

clokspl.exe
.exe windows:4 windows x86 arch:x86

503b8663acf52579007e3ef9afa85466

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
HeapDestroy
HeapCreate
HeapReAlloc
GetCPInfo
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
VirtualFree
VirtualAlloc
EnterCriticalSection
TerminateProcess
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
CloseHandle
MulDiv
InterlockedDecrement
GlobalFree
ExitProcess
RaiseException
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
WritePrivateProfileStringA
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
SetLastError
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
LeaveCriticalSection
GlobalReAlloc
FindResourceA
LoadResource
LCMapStringW
GlobalHandle
LockResource
GetCurrentThreadId
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
IsBadReadPtr
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
GetFileAttributesA
GlobalGetAtomNameA
GetModuleFileNameA
GetCommandLineA
GetVersion
GlobalAddAtomA
lstrcatA
GlobalUnlock
lstrcpynA
GlobalLock
lstrlenA
lstrcpyA

user32

EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
SetWindowTextA
LoadBitmapA
GetMenuCheckMarkDimensions
IsZoomed
OffsetRect
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
ValidateRect
TranslateMessage
GetMessageA
LoadStringA
PostQuitMessage
ShowOwnedPopups
MessageBoxA
GetClassNameA
PtInRect
ClientToScreen
GetSysColorBrush
FindWindowA
FillRect
IsRectEmpty
SetTimer
KillTimer
WindowFromPoint
SetRect
DeleteMenu
CharUpperA
InflateRect
GetDCEx
LockWindowUpdate
SetCapture
IntersectRect
SetParent
AppendMenuA
GetSystemMenu
InvertRect
DispatchMessageA
AdjustWindowRectEx
DeferWindowPos
GetClientRect
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
SetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
RegisterClassA
GetSysColor
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
IsDialogMessageA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
BringWindowToTop
IsWindowVisible
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
SetWindowLongA
wsprintfA
GetKeyState
SetWindowPos
GetDlgCtrlID
GetMenuItemCount
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetMenu
GetClassInfoA
DestroyMenu
SetFocus
GetParent
GetActiveWindow
ShowWindow
GetWindowLongA
IsWindow
GetWindow
IsWindowEnabled
SetCursor
PeekMessageA
PostMessageA
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
LoadMenuA
GetSubMenu
GetCursorPos
GetMenuItemID
LoadIconA
InvalidateRect
LoadImageA
ReleaseDC
GetWindowRect
ScreenToClient
GetDesktopWindow
GetDC
LoadCursorA
UpdateWindow
EnableWindow
SetForegroundWindow
SendMessageA
GetNextDlgTabItem
EndDialog
GetSystemMetrics
CreateDialogIndirectParamA
SendDlgItemMessageA
SystemParametersInfoA
MapWindowPoints
SetWindowsHookExA
CallNextHookEx
DestroyWindow
GetForegroundWindow
UnhookWindowsHookEx
CreateWindowExA
UnregisterClassA

gdi32

GetObjectA
BitBlt
RealizePalette
CreateCompatibleDC
CreateHalftonePalette
DeleteDC
CreatePalette
GetDIBColorTable
SelectObject
SetTextColor
SetBkColor
CreateBitmap
GetTextExtentPointA
GetTextMetricsA
SaveDC
RestoreDC
GetStockObject
SelectPalette
DeleteObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
SetTextAlign
CreateRectRgn
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetDeviceCaps
SetBkMode

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish

comctl32

ord17
ImageList_Destroy

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

503b8663acf52579007e3ef9afa85466

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 15KB - Virtual size: 28KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 15KB - Virtual size: 28KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 16KB - Virtual size: 16KB