dcgpofix[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dcgpofix.exe
Size

80KB
MD5

bc83a44f0693215c17a7baa27888e60a
SHA1

61ebfc409ea0a2d459e9df9a3e33a25791ef67cf
SHA256

6c5dee4c236c92f1b9c409dd2fcb17a58a1a5cd15fa13dda4e637d41716e744a
SHA512

f85491aa4cae3cf34b8780c18f235f76f9bf702c9ee2b6f7a024cd707ef048e59bce7733935d98ada81dc96b81144febca9fc9cd298a322615227495ca89f1bd
SSDEEP

1536:4JPbEpRrebdHsfxmiPWwGe3g7sOhmsuaQA+6VQDpmDFIIdZT:sbEplMsZmiPWwOFhmsZ5+6VQDpmDFfd1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcgpofix.exe

Files

dcgpofix.exe
.exe windows:10 windows x64 arch:x64

e234477cbbf02e6cbbc82d9abe9c96a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dcgpofix.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
CheckTokenMembership
SetThreadToken
OpenProcessToken
RegEnumKeyExW
GetSecurityDescriptorOwner
DuplicateTokenEx
SetNamedSecurityInfoW
GetSecurityDescriptorGroup
RegQueryInfoKeyW
RegCloseKey
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
OpenThreadToken
ConvertStringSidToSidW
RegQueryValueExW

kernel32

SetConsoleTextAttribute
FindNextFileW
GetCurrentProcess
GetConsoleOutputCP
ReadFile
WriteFile
RemoveDirectoryW
SetThreadUILanguage
SetEndOfFile
FindClose
LocalAlloc
CreateFileW
SetFileAttributesW
GetConsoleScreenBufferInfo
FormatMessageW
GetLastError
GetCurrentThread
DeleteFileW
CloseHandle
RaiseException
HeapSetInformation
GetWindowsDirectoryW
WriteConsoleW
LocalFree
GetFileSize
GetModuleHandleW
CompareStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
FindFirstFileW
GetStdHandle

msvcrt

__set_app_type
??3@YAXPEAX@Z
__wgetmainargs
_amsg_exit
_exit
_XcptFilter
_cexit
__setusermatherr
_initterm
memmove
__C_specific_handler
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memcpy
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
exit
__CxxFrameHandler4
__iob_func
??_V@YAXPEAX@Z
_vsnwprintf
_purecall
_callnewh
malloc
_wsetlocale
_wfopen
fgetwc
iswdigit
_ultow
wprintf_s
fclose

oleaut32

VariantInit
SysFreeString
VariantClear
VariantChangeType
SysAllocString

srvcli

NetShareGetInfo

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoUninitialize

logoncli

DsGetDcNameW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

InitializeAcl
GetLengthSid
AddAuditAccessObjectAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAccessAllowedAceEx
GetAce
AddAccessAllowedObjectAce
CopySid

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

activeds

ord3
ord9

ntdsapi

DsFreeNameResultW
DsCrackNamesW

scecli

SceOpenProfile
SceDcPromoCreateGPOsInSysvol
SceGetSecurityProfileInfo
SceWriteSecurityProfileInfo
SceCloseProfile
SceFreeProfileMemory

user32

MessageBeep

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e234477cbbf02e6cbbc82d9abe9c96a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

oleaut32

srvcli

dsrole

api-ms-win-core-com-l1-1-0

logoncli

api-ms-win-core-libraryloader-l1-2-0

netutils

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

activeds

ntdsapi

scecli

user32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 468B

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 468B