krampui-rewrite[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

krampui-rewrite.exe
Size

14.9MB
MD5

838a0431974cdeb477c998f4a39c8b29
SHA1

faaccc4d0181fb9c6e6b1a73e1fee77c57824da0
SHA256

d714bd1458fcb68b2fd137445b66e6d7ca5d905b87a255f8b4378da02b94b5a6
SHA512

a08c0811233fb0d40fce1c918d867b1448a0ff73c3ceed1c5c9609ef6a9a90c58bc94d18d3c67271de5d75fe035886f87a2e240020de715778198516075d762e
SSDEEP

196608:WQJA6qLex78xbXslIxnc/imV3y8kVrH1MEWM:HA66vmqn8imV3y8kVrQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
krampui-rewrite.exe

Files

krampui-rewrite.exe
.exe windows:6 windows x64 arch:x64

74a6cf978c31181068f366186856ac3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ImpersonateAnonymousToken
RevertToSelf
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegCloseKey
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

ws2_32

getsockname
send
WSAGetOverlappedResult
WSASocketW
ioctlsocket
bind
closesocket
setsockopt
recv
WSAGetLastError
listen
WSACleanup
WSASend
WSARecv
WSAIoctl
connect
getsockopt
getpeername
shutdown
getaddrinfo
freeaddrinfo
WSAStartup

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
HeapFree
HeapReAlloc
GetLastError
GlobalFree
GlobalUnlock
GetCurrentThread
CreateWaitableTimerExW
Sleep
SetWaitableTimer
CloseHandle
WaitForSingleObject
lstrlenW
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
GetCurrentThreadId
GetModuleHandleW
CompareStringOrdinal
CreatePipe
TryAcquireSRWLockExclusive
SetEnvironmentVariableW
AddVectoredExceptionHandler
SetThreadStackGuarantee
ReleaseMutex
CreateMutexW
FindFirstFileW
FindClose
GlobalLock
GlobalSize
MultiByteToWideChar
GlobalAlloc
GetModuleHandleA
GetProcAddress
GetUserDefaultLocaleName
GetSystemInfo
GetNativeSystemInfo
CreateIoCompletionPort
SetFileCompletionNotificationModes
SleepConditionVariableSRW
GetQueuedCompletionStatusEx
WakeConditionVariable
CancelIoEx
RemoveDirectoryW
CopyFileExW
PostQueuedCompletionStatus
SetHandleInformation
GetProcessHeap
WakeAllConditionVariable
QueryPerformanceFrequency
GetProcessId
TerminateProcess
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
OpenProcess
LoadLibraryW
SetFilePointerEx
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName

ntdll

NtQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
RtlNtStatusToDosError
NtWriteFile
NtReadFile
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile

user32

TrackPopupMenu
ShowCursor
ClipCursor
AppendMenuW
CreateAcceleratorTableW
PostQuitMessage
AdjustWindowRectEx
SystemParametersInfoA
GetClipCursor
GetDC
IsProcessDPIAware
GetSystemMenu
ShowWindow
CreateMenu
CreatePopupMenu
UnregisterHotKey
RegisterHotKey
SetWindowLongW
DispatchMessageA
DestroyIcon
GetTouchInputInfo
CreateIcon
GetKeyboardState
EnumChildWindows
AttachThreadInput
SetMenuItemInfoW
GetKeyState
TranslateAcceleratorW
GetAncestor
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
RegisterRawInputDevices
RegisterWindowMessageA
VkKeyScanW
MapVirtualKeyExW
GetAsyncKeyState
GetWindowLongW
MonitorFromRect
GetMessageW
GetUpdateRect
ValidateRect
GetRawInputData
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
GetMonitorInfoW
DefWindowProcW
SetWindowLongPtrW
ScreenToClient
CloseTouchInputHandle
SetCapture
DestroyAcceleratorTable
SetClipboardData
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
RegisterClassW
InvalidateRgn
SetWindowPos
SetCursor
LoadCursorW
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
GetWindowTextLengthW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
SetWindowTextW
IsIconic
IsWindowVisible
GetWindowRect
MonitorFromWindow
ClientToScreen
GetMenu
GetWindowLongPtrW
FlashWindowEx
GetActiveWindow
SetMenu
ReleaseCapture
GetCursorPos
EnumDisplayMonitors
MonitorFromPoint
GetClientRect
DestroyWindow
SendMessageW
TrackMouseEvent
CheckMenuItem
EnableMenuItem
RedrawWindow
PostMessageW
EmptyClipboard
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetMessageA
SetWindowsHookExA
MsgWaitForMultipleObjectsEx
FindWindowW
MessageBoxW
RegisterClassExW

shell32

SHAppBarMessage
Shell_NotifyIconW
ShellExecuteW
CommandLineToArgvW
SHCreateItemFromParsingName
SHGetKnownFolderPath
DragFinish
DragQueryFileW
Shell_NotifyIconGetRect

ole32

CoIncrementMTAUsage
RegisterDragDrop
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
RevokeDragDrop
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

bcrypt

BCryptGenRandom

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc
TaskDialogIndirect

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SetErrorInfo
SysFreeString
SysStringLen
GetErrorInfo

secur32

AcquireCredentialsHandleA
QueryContextAttributesW
FreeCredentialsHandle
AcceptSecurityContext
DeleteSecurityContext
EncryptMessage
ApplyControlToken
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

pdh

PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-math-l1-1-0

floor
round
__setusermatherr
trunc
pow

api-ms-win-crt-string-l1-1-0

strcpy_s
_wcsicmp
wcslen
wcsncmp
strlen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
abort
_set_app_type
_seh_filter_exe
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
terminate
_configure_narrow_argv
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
_callnewh
free
malloc

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74a6cf978c31181068f366186856ac3b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

kernel32

ntdll

user32

shell32

ole32

bcrypt

comctl32

gdi32

dwmapi

crypt32

api-ms-win-core-winrt-l1-1-0

oleaut32

secur32

psapi

pdh

powrprof

uxtheme

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 355KB - Virtual size: 354KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 355KB - Virtual size: 354KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 44KB - Virtual size: 43KB