KrampUI[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

KrampUI.exe
Size

19.8MB
MD5

8cf778face3c9f5729d5c47a8f09c85b
SHA1

26df06a7827cb32526925c4f3ccdb5e74d9b53af
SHA256

edcd285331c398df72997e4b97f8443db1be232a51e5d9e5f39dd2b54dc91fdb
SHA512

880406fcda4bf7b936ac712a8572f7def6e27b3ce942ec0a8cd12a3bad6da569c586cd5703a4f3b7b0304e248df1a08e8df4718d4d5204f52390c3732269e886
SSDEEP

196608:4tNyafEM878Hb0R4be4V3M0SxLecEFeKqNcc4UcOwi2bUKECy8m9/Zw:6NyafEM8AHb0RMMZObThi2bVEYu/Zw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KrampUI.exe

Files

KrampUI.exe
.exe windows:6 windows x64 arch:x64

0036a8dc347bc42acd562060f07c0be4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Projects\KrampUI\src-tauri\target\release\deps\krampui.pdb

Imports

advapi32

SystemFunction036
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
IsValidSid
GetLengthSid
CopySid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

ws2_32

getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
shutdown
WSAIoctl
closesocket
WSAGetLastError
WSARecv
WSASend
WSAGetOverlappedResult
setsockopt
getsockopt
ioctlsocket
listen
getpeername
getsockname
bind
connect
send
recv
WSASocketW

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
CloseHandle
GetModuleHandleW
GetLastError
ReleaseMutex
CreateMutexW
SetFileCompletionNotificationModes
CancelIoEx
SleepConditionVariableSRW
ReadFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetHandleInformation
GetProcessHeap
HeapFree
OpenProcess
HeapAlloc
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
GetCurrentProcessId
CreateFileW
GlobalMemoryStatusEx
K32GetPerformanceInfo
LoadLibraryExA
GetProcAddress
FreeLibrary
CreateEventW
WaitForSingleObject
FormatMessageW
GetStdHandle
GetConsoleMode
SetConsoleMode
ReleaseSRWLockShared
AcquireSRWLockShared
GetModuleHandleA
GetNativeSystemInfo
lstrlenW
GetUserDefaultLocaleName
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
GetEnvironmentVariableW
Sleep
GetCurrentProcess
DuplicateHandle
CreatePipe
GetOverlappedResult
GetFileInformationByHandle
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
WriteFileEx
SleepEx
TerminateProcess
GetProcessId
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
FindClose
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetFinalPathNameByHandleW
CopyFileExW
CancelIo
GetFileType
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects

ntdll

RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtQuerySystemInformation
NtQueryInformationProcess
NtCreateFile
NtReadFile
NtCancelIoFileEx
NtWriteFile
NtDeviceIoControlFile
RtlGetVersion

user32

UnregisterHotKey
GetRawInputData
TrackPopupMenu
GetWindowThreadProcessId
SetWindowsHookExA
DispatchMessageA
SetForegroundWindow
AdjustWindowRectEx
ShowCursor
SetCapture
MsgWaitForMultipleObjectsEx
GetClipCursor
ToUnicodeEx
ClipCursor
GetWindowTextW
GetWindowTextLengthW
RegisterRawInputDevices
SetWindowTextW
MonitorFromPoint
RegisterWindowMessageA
EnumChildWindows
EnumDisplayMonitors
RegisterClipboardFormatW
SetWindowDisplayAffinity
GetWindowRect
GetSystemMenu
SetWindowLongW
CreateIcon
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
CloseClipboard
GetDC
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
AppendMenuW
CreatePopupMenu
CreateMenu
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
DestroyAcceleratorTable
RegisterHotKey
VkKeyScanW
MapVirtualKeyExW
GetAsyncKeyState
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
RegisterClassExW
FindWindowW
MessageBoxW
GetMessageA
OpenClipboard
DestroyIcon
GetKeyboardLayout
RegisterTouchWindow
GetSystemMetrics
SetCursorPos
GetForegroundWindow
GetActiveWindow
IsIconic
SetMenu
ReleaseCapture
IsWindow
CreateWindowExW
RegisterClassW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
IsWindowVisible
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
LoadCursorW
ClientToScreen
GetClientRect
GetWindowLongW
IsProcessDPIAware
FlashWindowEx
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
RedrawWindow
DestroyWindow
SendInput
GetKeyboardState
AttachThreadInput
GetKeyState
CallNextHookEx
SystemParametersInfoA
GetMenu

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop

shell32

CommandLineToArgvW
DragFinish
Shell_NotifyIconW
DragQueryFileW
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHAppBarMessage
ShellExecuteW
Shell_NotifyIconGetRect

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

pdh

PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData
PdhOpenQueryA

powrprof

CallNtPowerInformation

secur32

AcceptSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
FreeContextBuffer
DecryptMessage
AcquireCredentialsHandleA
ApplyControlToken
DeleteSecurityContext

oleaut32

SysStringLen
SetErrorInfo
SysFreeString
GetErrorInfo

crypt32

CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
round
trunc
pow

api-ms-win-crt-string-l1-1-0

wcsncmp
wcslen
strlen
strcpy_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_register_onexit_function
__p___argc
abort
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
__p___argv
_configure_narrow_argv
_set_app_type
_seh_filter_exe
strerror

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0036a8dc347bc42acd562060f07c0be4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

kernel32

ntdll

user32

comctl32

ole32

shell32

gdi32

dwmapi

psapi

pdh

powrprof

secur32

oleaut32

crypt32

uxtheme

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.6MB - Virtual size: 8.6MB

.rdata Size: 10.6MB - Virtual size: 10.6MB

.data Size: 21KB - Virtual size: 33KB

.pdata Size: 433KB - Virtual size: 433KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 8.6MB - Virtual size: 8.6MB

.rdata
Size: 10.6MB - Virtual size: 10.6MB

.data
Size: 21KB - Virtual size: 33KB

.pdata
Size: 433KB - Virtual size: 433KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 80KB - Virtual size: 79KB