KrampUI[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KrampUI.exe
Size

16.9MB
MD5

4895023a734b9ed158e3c9abd3183e41
SHA1

c19ecd34798b2178bc3df1380226fbea3b3d6c36
SHA256

f53b6fc1294b0a20d5bf127c42f968a9c560df6bc4da073bfa0445b0dfc5de43
SHA512

e2296640a7294b89ae73cf3b7dffff06361f90f206ee77299825e0833bd36d1e9e8e1bc4d74fc85f82677407fa4eccf0eb5efc8b649259b2cdc9f16f7cf17254
SSDEEP

196608:a8My2G9U/ed3uu9MSuU68y8fbgvF+M5ZLelGt64UcxE7ZM9t:a8My2G9U0+1xqTCwML9d1Ee9t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KrampUI.exe

Files

KrampUI.exe
.exe windows:6 windows x64 arch:x64

1f7417a48051ef81cb64d6becc5aaf98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtQuerySystemInformation
NtCreateFile
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtReadFile
RtlGetNtVersionNumbers
NtQueryInformationProcess
RtlGetVersion
NtDeviceIoControlFile
RtlUnwindEx
NtWriteFile
RtlPcToFileHeader

kernel32

GlobalMemoryStatusEx
K32GetPerformanceInfo
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
CreateFileW
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
LoadLibraryExA
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ReadFileEx
CreateNamedPipeW
FormatMessageW
GetFullPathNameW
ExitProcess
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
ReleaseSRWLockShared
AcquireSRWLockShared
GetModuleHandleA
RemoveDirectoryW
lstrlenW
MoveFileExW
GetUserDefaultLocaleName
DeleteFileW
LoadLibraryA
GlobalUnlock
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GlobalLock
GlobalSize
FindClose
GlobalAlloc
FindNextFileW
HeapReAlloc
QueryPerformanceFrequency
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
WakeConditionVariable
WaitForSingleObjectEx
WakeAllConditionVariable
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
GetUserDefaultUILanguage
LCIDToLocaleName
SetFilePointerEx
LoadLibraryW
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetConsoleMode
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
CreateMutexA
GetCurrentProcessId
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation
ReadProcessMemory
VirtualQueryEx
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
LocalFree
HeapAlloc
OpenProcess
HeapFree
GetProcessHeap
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
TlsFree
GetSystemInfo
GetLastError
LoadLibraryExW
CreateMutexW
GetEnvironmentVariableW
ReleaseMutex
GetCurrentThreadId
Sleep
GetCurrentProcess
DuplicateHandle
CreatePipe
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
OutputDebugStringW

user32

DispatchMessageA
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
EnumChildWindows
SetWindowDisplayAffinity
RegisterHotKey
CreateIcon
RegisterClipboardFormatW
DestroyIcon
CloseClipboard
UnregisterHotKey
GetDC
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetWindowLongW
GetRawInputData
ShowWindow
GetSystemMenu
SendInput
GetKeyboardState
AttachThreadInput
EnableMenuItem
CallNextHookEx
ToUnicodeEx
PostQuitMessage
GetKeyboardLayout
CreateAcceleratorTableW
SetWindowsHookExA
AppendMenuW
CheckMenuItem
GetClipCursor
ClipCursor
SetForegroundWindow
TrackPopupMenu
CreatePopupMenu
EnumDisplayMonitors
MonitorFromPoint
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
AdjustWindowRectEx
CreateMenu
IsWindowVisible
SetMenuItemInfoW
SystemParametersInfoA
DestroyAcceleratorTable
VkKeyScanW
SetCapture
RedrawWindow
GetClientRect
GetCursorPos
ReleaseCapture
MapVirtualKeyExW
ShowCursor
GetAsyncKeyState
PostMessageW
SetMenu
IsIconic
GetKeyState
GetActiveWindow
GetWindowThreadProcessId
FlashWindowEx
ClientToScreen
GetForegroundWindow
SetCursorPos
SetWindowPos
InvalidateRgn
LoadCursorW
SetCursor
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
FindWindowW
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
MonitorFromWindow
GetMenu
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
IsWindow
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetUpdateRect
PostThreadMessageW
ValidateRect
DefWindowProcW
RegisterClassExW
GetMessageA
RegisterClassW
DestroyWindow
IsProcessDPIAware
RegisterTouchWindow
GetSystemMetrics

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemFree
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass
TaskDialogIndirect

shell32

SHAppBarMessage
Shell_NotifyIconGetRect
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragQueryFileW
DragFinish

pdh

PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

advapi32

RegOpenKeyExW
RegCloseKey
CopySid
GetLengthSid
IsValidSid
RegQueryValueExW
RegGetValueW
GetTokenInformation
OpenProcessToken
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
SystemFunction036

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
ApplyControlToken
AcceptSecurityContext
DeleteSecurityContext
DecryptMessage
InitializeSecurityContextW

oleaut32

SetErrorInfo
SysFreeString
GetErrorInfo
SysStringLen

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

ws2_32

bind
ioctlsocket
getpeername
connect
WSASocketW
getsockopt
getsockname
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
closesocket
WSAGetLastError
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo

crypt32

CertOpenStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertFreeCertificateContext

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
_wcsicmp
strlen
wcsncmp

api-ms-win-crt-math-l1-1-0

round
pow
__setusermatherr
trunc
floor

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
calloc
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
abort
strerror
_crt_atexit
terminate
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_cexit
__p___argv
__p___argc
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f7417a48051ef81cb64d6becc5aaf98

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

dwmapi

ole32

comctl32

shell32

pdh

powrprof

advapi32

psapi

secur32

oleaut32

uxtheme

bcrypt

ws2_32

crypt32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 9.8MB - Virtual size: 9.8MB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 349KB - Virtual size: 348KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 9.8MB - Virtual size: 9.8MB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 349KB - Virtual size: 348KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 64KB