krampui-rewrite[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

krampui-rewrite.exe
Size

13.6MB
MD5

fda4256bed21eb13ec54420d79cf51e4
SHA1

ae5d0619e4ceedb99366d519c6b6dfbde012ba65
SHA256

6fa55ce6df381aababf26264dadbd7747d7e7b088cf56b4a61809650597403db
SHA512

05edc2f9359529f81affaae1e1b94f6bd93f1e8935e7eae5e82c49d567a1733a05e951c9353cee40e33cac06b22ad1078523b1dc7fbe37209bdcd78c4ac9fe6e
SSDEEP

196608:4Z9ntlQRbgUUHLenCucW+ylIxnc/imV3LxDxY:4ZBtGRbz4Buvqn8imV3Lhm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
krampui-rewrite.exe

Files

krampui-rewrite.exe
.exe windows:6 windows x64 arch:x64

88e3a0d84453c6065b1a18395ae6e1f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ImpersonateAnonymousToken
RevertToSelf
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

ws2_32

getsockname
send
WSACleanup
getpeername
listen
WSAStartup
freeaddrinfo
getaddrinfo
shutdown
getsockopt
connect
WSARecv
WSASend
WSASocketW
ioctlsocket
setsockopt
WSAGetOverlappedResult
WSAIoctl
bind
closesocket
WSAGetLastError
recv

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
HeapFree
HeapReAlloc
GetLastError
GlobalFree
GlobalUnlock
GetCurrentThread
CreateWaitableTimerExW
Sleep
SetWaitableTimer
CloseHandle
WaitForSingleObject
lstrlenW
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
ReleaseMutex
CreateMutexW
GetModuleHandleW
GetCurrentThreadId
CompareStringOrdinal
CreatePipe
TryAcquireSRWLockExclusive
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
SetFileCompletionNotificationModes
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalAlloc
GetModuleHandleA
GetProcAddress
GetUserDefaultLocaleName
GetSystemInfo
GetNativeSystemInfo
CreateIoCompletionPort
SleepConditionVariableSRW
GetQueuedCompletionStatusEx
WakeConditionVariable
CancelIoEx
FindFirstFileW
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SetEnvironmentVariableW
RemoveDirectoryW
CopyFileExW
PostQueuedCompletionStatus
SetHandleInformation
GetProcessHeap
WakeAllConditionVariable
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
OpenProcess
LoadLibraryW
SetFilePointerEx
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName

ntdll

NtQuerySystemInformation
NtCancelIoFileEx
NtDeviceIoControlFile
NtQueryInformationProcess
NtWriteFile
RtlGetVersion
RtlNtStatusToDosError
NtReadFile
NtCreateFile

user32

PostQuitMessage
EnumDisplayMonitors
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
AdjustWindowRectEx
SystemParametersInfoA
OpenClipboard
GetDC
IsProcessDPIAware
AppendMenuW
TrackPopupMenu
CreateMenu
CreatePopupMenu
UnregisterHotKey
RegisterHotKey
SetMenuItemInfoW
DispatchMessageA
DestroyAcceleratorTable
ShowCursor
ClipCursor
GetClipCursor
EnumChildWindows
CloseClipboard
CreateAcceleratorTableW
GetKeyboardState
AttachThreadInput
GetKeyState
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
TranslateAcceleratorW
GetSystemMenu
ShowWindow
SetWindowLongW
CreateIcon
GetAsyncKeyState
GetAncestor
GetUpdateRect
ValidateRect
GetRawInputData
RegisterWindowMessageA
ChangeDisplaySettingsExW
RegisterTouchWindow
IsWindow
RegisterClassW
SetCursorPos
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
InvalidateRgn
FlashWindowEx
GetActiveWindow
SetWindowDisplayAffinity
IsIconic
IsWindowVisible
GetMenu
SetMenu
MonitorFromPoint
CheckMenuItem
EnableMenuItem
VkKeyScanW
RegisterRawInputDevices
DestroyIcon
GetSystemMetrics
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
RedrawWindow
ReleaseCapture
TrackMouseEvent
SetCapture
MonitorFromRect
LoadCursorW
GetWindowPlacement
GetWindowRect
ClientToScreen
GetClientRect
GetWindowLongW
MapVirtualKeyExW
GetMessageA
SetWindowsHookExA
PostMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
PostThreadMessageW
DefWindowProcW
GetWindowLongPtrW
SendMessageW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
FindWindowW
DestroyWindow
SetWindowPlacement

shell32

SHAppBarMessage
Shell_NotifyIconW
ShellExecuteW
SHGetKnownFolderPath
Shell_NotifyIconGetRect
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
CommandLineToArgvW

ole32

RevokeDragDrop
CreateStreamOnHGlobal
CoInitializeEx
OleInitialize
CoUninitialize
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoIncrementMTAUsage

comctl32

DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateStore
CertGetCertificateChain
CertOpenStore
CertAddCertificateContextToStore
CertFreeCertificateChain
CertCloseStore
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen

bcrypt

BCryptGenRandom

secur32

FreeCredentialsHandle
DecryptMessage
DeleteSecurityContext
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken
AcceptSecurityContext

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
wcslen
strlen
strcpy_s

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
floor
pow
trunc

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
__p___argc
__p___argv
_initterm
_cexit
abort
exit
_configure_narrow_argv
terminate
_crt_atexit
_get_initial_narrow_environment
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
_callnewh
free

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e3a0d84453c6065b1a18395ae6e1f5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

kernel32

ntdll

user32

shell32

ole32

comctl32

crypt32

gdi32

dwmapi

api-ms-win-core-winrt-l1-1-0

oleaut32

bcrypt

secur32

psapi

pdh

powrprof

uxtheme

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 6.2MB - Virtual size: 6.2MB

.data Size: 1KB - Virtual size: 13KB

.pdata Size: 309KB - Virtual size: 309KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 1KB - Virtual size: 13KB

.pdata
Size: 309KB - Virtual size: 309KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 38KB - Virtual size: 37KB