ApplySettingsTemplateCatalog[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ApplySettingsTemplateCatalog.exe
Size

1.1MB
MD5

8f5b9a4781a7dadd6c889a2bb09b6e44
SHA1

28196e9f7e4e3518717687be6c6563e868ee572e
SHA256

d1aefde42702f575d01ffeabc6432e82345e36b33d95f36bf24d1eb30f8f0b8a
SHA512

a1e23ad139d4de1aa2fb1bd2029cdc7c099ca9fa853b396d0296d87991959518980a6a6ccb8cdfc4c4a6abf65f2532f76df30f1414d9a6e1141e3cebb09c96e5
SSDEEP

24576:4L+Cn3og9M+uVkTl8FZPyGQCQ5ljB/uGwMEXWmXao:nWYgCk8/yDljB/uGwdXWmqo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ApplySettingsTemplateCatalog.exe

Files

ApplySettingsTemplateCatalog.exe
.exe windows:10 windows x64 arch:x64

3e780041691413f89f5a12897c62438f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ApplySettingsTemplateCatalog.pdb

Imports

advapi32

OpenProcessToken
EventSetInformation
EventRegister
EventWriteTransfer
RegCloseKey
RegDeleteKeyExW
EventUnregister
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegCreateKeyExW
GetTokenInformation
EqualSid
CreateWellKnownSid
GetNamedSecurityInfoW
RegSetKeyValueW
RegQueryValueExW
RegDeleteTreeW
RegQueryInfoKeyW

kernel32

GetModuleFileNameW
lstrlenA
LoadLibraryExW
FreeLibrary
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
TlsGetValue
SystemTimeToFileTime
TlsAlloc
TlsSetValue
ResetEvent
OpenEventA
AreFileApisANSI
GetCurrentDirectoryW
DeviceIoControl
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileTime
GetFileSize
DeleteFileW
SetEvent
SetFileAttributesW
GetComputerNameExW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
WriteFile
CreateEventA
ReadFile
IsDebuggerPresent
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
GetLocalTime
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ProcessIdToSessionId
LocalUnlock
LocalFree
HeapSetInformation
CloseHandle
GetLastError
FormatMessageW
GetCurrentProcess
LocalLock
GetProcessMitigationPolicy
FormatMessageA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetLocaleInfoW
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex

msvcrt

exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
memcpy_s
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memset
localeconv
strcspn
sprintf_s
ldexp
realloc
abort
islower
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
_vsnwprintf
fputc
fflush
fclose
fgetc
fwrite
swprintf_s
_cexit
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
wcscmp
_wcsicmp
_stricmp
strerror
__uncaught_exception
fseek
_wfsopen
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler4
isupper
__pctype_func
setlocale
_unlock
_lock
_errno
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
_callnewh
malloc
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wtoi
strchr
memmove_s
time
_wcsnicmp
mbstowcs_s
wprintf
??_V@YAXPEAX@Z
_exit
_vsnprintf_s
?name@type_info@@QEBAPEBDXZ

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString
VariantClear

ole32

OleRun
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromProgID

shell32

SHGetKnownFolderPath

activeds

ord3

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e780041691413f89f5a12897c62438f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

oleaut32

ole32

shell32

activeds

Sections

.text Size: 820KB - Virtual size: 819KB

.rdata Size: 200KB - Virtual size: 198KB

.data Size: 28KB - Virtual size: 33KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 820KB - Virtual size: 819KB

.rdata
Size: 200KB - Virtual size: 198KB

.data
Size: 28KB - Virtual size: 33KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB