KrampUI (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

KrampUI (1).exe
Size

12.5MB
MD5

287cf4d20a1745903f5036501def2ba3
SHA1

775d726e5345bfa1153722eb5f9bf7f0886341f0
SHA256

c1c42defd2b38333f15827403ceec00f72c88669b3915ba9ea8241f952bb71c7
SHA512

7f3743bdbb18ca496efde360553c3b1ec42457e45cfe55d1c9850b98bf818577b785ea0b4be6b3f5b550f80e3258c406ccd96488ea2016e50ec882ea35ee0b6d
SSDEEP

98304:AMvrD7hx7ss4MLxO4hZLfbXTDfq5BRoMgWrIik8R5puLefAC5cQzdjrrtuT1xFqT:xhRyqOYLefAsTLgnvR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KrampUI (1).exe

Files

KrampUI (1).exe
.exe windows:6 windows x64 arch:x64

edcf2edafa57e54752cb6fb7d714271d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

ws2_32

getsockname
send
listen
shutdown
getsockopt
WSAIoctl
WSARecv
WSASend
getpeername
WSAGetOverlappedResult
bind
WSASocketW
recv
WSACleanup
closesocket
connect
ioctlsocket
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
WSAGetLastError

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
HeapFree
CreateIoCompletionPort
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
GetLastError
SetFileCompletionNotificationModes
SleepConditionVariableSRW
GetQueuedCompletionStatusEx
WakeConditionVariable
CloseHandle
SwitchToThread
CancelIoEx
FindClose
RemoveDirectoryW
MoveFileExW
CopyFileExW
GetStdHandle
GetConsoleMode
SetConsoleMode
CreateMutexW
GetModuleHandleW
FindFirstFileW
GetCurrentThreadId
lstrlenW
ReleaseMutex
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
SetEnvironmentVariableW
CompareStringOrdinal
CreatePipe
TryAcquireSRWLockExclusive
CreateWaitableTimerExW
Sleep
SetWaitableTimer
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapReAlloc
GlobalFree
GlobalUnlock
GetFileType
GetFileInformationByHandleEx
PostQueuedCompletionStatus
SetHandleInformation
GetModuleHandleA
GetProcAddress
WakeAllConditionVariable
GetSystemInfo
QueryPerformanceFrequency
GetUserDefaultLocaleName
GetNativeSystemInfo
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalAlloc
GetProcessId
TerminateProcess
GetCurrentThread
WriteConsoleW
SetLastError
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
OpenProcess
LoadLibraryW
LoadLibraryExA
FreeLibrary
SetFilePointerEx
GetUserDefaultUILanguage
LCIDToLocaleName

ntdll

NtQueryInformationProcess
RtlGetVersion
NtReadFile
NtQuerySystemInformation
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtWriteFile
NtCreateFile
RtlGetNtVersionNumbers

user32

AdjustWindowRectEx
SystemParametersInfoA
DestroyWindow
GetDC
IsProcessDPIAware
GetClipboardData
IsClipboardFormatAvailable
RegisterTouchWindow
GetSystemMetrics
AppendMenuW
TrackPopupMenu
SetMenuItemInfoW
PostQuitMessage
CreateMenu
CreatePopupMenu
UnregisterHotKey
RegisterHotKey
ClipCursor
DispatchMessageA
GetClipCursor
GetSystemMenu
ShowWindow
SetWindowLongW
CreateIcon
EnumChildWindows
RegisterWindowMessageA
ShowCursor
GetKeyboardState
AttachThreadInput
GetKeyState
CallNextHookEx
VkKeyScanW
MapVirtualKeyExW
GetAsyncKeyState
EmptyClipboard
PostMessageW
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
SetClipboardData
OpenClipboard
DestroyAcceleratorTable
DestroyIcon
MsgWaitForMultipleObjectsEx
GetMessageA
SetWindowsHookExA
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
GetWindowTextLengthW
SendInput
SetForegroundWindow
GetForegroundWindow
SetWindowTextW
IsIconic
IsWindowVisible
GetMenu
GetActiveWindow
SetMenu
EnumDisplayMonitors
MonitorFromPoint
CheckMenuItem
EnableMenuItem
CloseClipboard
IsWindow
RegisterClassW
CreateAcceleratorTableW
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ReleaseCapture
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowRect
ClientToScreen
GetWindowLongPtrW
InvalidateRgn
SetWindowPos
MonitorFromWindow
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
SetCursor
LoadCursorW
FlashWindowEx
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
MapVirtualKeyW
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
GetRawInputData
RegisterRawInputDevices
GetMessageW
DefWindowProcW
SendMessageW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
FindWindowW
GetClientRect
RedrawWindow
MessageBoxW
GetWindowLongW

shell32

SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
CommandLineToArgvW
DragQueryFileW
DragFinish
SHCreateItemFromParsingName
SHAppBarMessage

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertFreeCertificateContext
CertGetCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc
TaskDialogIndirect

ole32

RevokeDragDrop
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
OleInitialize
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal

secur32

AcquireCredentialsHandleA
DecryptMessage
QueryContextAttributesW
AcceptSecurityContext
FreeContextBuffer
FreeCredentialsHandle
DeleteSecurityContext
ApplyControlToken
EncryptMessage
InitializeSecurityContextW

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SetErrorInfo
SysFreeString
SysStringLen
GetErrorInfo

api-ms-win-crt-string-l1-1-0

wcsncmp
strlen
wcslen
_wcsicmp
strcpy_s

api-ms-win-crt-math-l1-1-0

pow
floor
trunc
round
__setusermatherr

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
exit
_initterm_e
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_set_app_type
_initialize_narrow_environment
_seh_filter_exe
abort
_exit
_initialize_onexit_table
_configure_narrow_argv
terminate
_crt_atexit
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
free
_callnewh

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edcf2edafa57e54752cb6fb7d714271d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

kernel32

ntdll

user32

shell32

crypt32

bcrypt

comctl32

ole32

secur32

psapi

pdh

powrprof

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 359KB - Virtual size: 358KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 359KB - Virtual size: 358KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 44KB - Virtual size: 43KB