krampui-rewrite[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

krampui-rewrite.exe
Size

14.3MB
MD5

ab77d1e08cfd9bd5719b4f38b87bc2dd
SHA1

10061457d1cc5e3321ce6fe75d0952ec48e33cba
SHA256

3fa688281ccd6d0f655d78324ed12a45ee7fd9356132795d5262b9975857d891
SHA512

dc3fb8945fae4f990f54b5c1e7b2820aebe7558f7ebd6829416129f6921c3019ed96ed4c6a84846ec8e4be6947dc0411bcb250b29be48b3259e0c0429e0294e1
SSDEEP

196608:DXxBwmPdTmkSGxb/ZTlIxnc/imV3bALeMn:2kSGNqn8imV3ohn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
krampui-rewrite.exe

Files

krampui-rewrite.exe
.exe windows:6 windows x64 arch:x64

1dadebb22c9fa6a2bce4326bd78d37e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

krampui_rewrite.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

ntdll

NtDeviceIoControlFile
NtCreateFile
RtlUnwindEx
RtlNtStatusToDosError
NtCancelIoFileEx
RtlPcToFileHeader
NtQuerySystemInformation
NtQueryInformationProcess
NtReadFile
RtlVirtualUnwind
RtlGetVersion
NtWriteFile
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

WaitForSingleObject
CloseHandle
SetWaitableTimer
Sleep
IsDebuggerPresent
CreateWaitableTimerExW
UnhandledExceptionFilter
GetCurrentThread
lstrlenW
GlobalFree
GetLastError
InitializeSListHead
SwitchToThread
WakeAllConditionVariable
FindFirstFileW
GetModuleHandleA
GetProcAddress
GetUserDefaultLocaleName
SetUnhandledExceptionFilter
HeapReAlloc
GetSystemInfo
GetNativeSystemInfo
GetSystemTimeAsFileTime
GlobalUnlock
GlobalLock
GlobalSize
MultiByteToWideChar
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapFree
WaitForMultipleObjects
GetOverlappedResult
ReleaseMutex
LoadLibraryExW
IsProcessorFeaturePresent
RaiseException
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
EncodePointer
LoadLibraryExA
FreeLibrary
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetExitCodeProcess
CreateMutexW
GetModuleHandleW
SetFilePointerEx
CreatePipe
GetProcessHeap
DeleteCriticalSection
AddVectoredExceptionHandler
SleepConditionVariableSRW
LoadLibraryW
GetSystemTimePreciseAsFileTime
K32GetPerformanceInfo
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
OpenProcess
LocalFree
VirtualQueryEx
ReadProcessMemory
TlsSetValue
SetThreadStackGuarantee
GetCurrentThreadId
SetEnvironmentVariableW
FindClose
RemoveDirectoryW
GlobalAlloc
GetProcessIoCounters
GetSystemTimes
GetProcessTimes
SetHandleInformation
MoveFileExW
PostQueuedCompletionStatus
DeleteFileW
HeapAlloc
QueryPerformanceCounter
ExitProcess
ReadFile
CopyFileExW
CancelIo
GetProcessId
TerminateProcess
CreateEventW
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
WideCharToMultiByte
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
WriteFileEx
SleepEx
ReadFileEx
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
TlsFree

user32

ShowCursor
GetDC
IsProcessDPIAware
GetKeyboardLayout
GetWindowThreadProcessId
SystemParametersInfoA
CreateMenu
UnregisterHotKey
RegisterHotKey
CreatePopupMenu
ToUnicodeEx
AdjustWindowRectEx
PostQuitMessage
GetClipCursor
ShowWindow
OpenClipboard
CreateAcceleratorTableW
DispatchMessageA
AppendMenuW
RegisterWindowMessageA
MsgWaitForMultipleObjectsEx
GetWindowTextW
GetWindowTextLengthW
SetWindowsHookExA
SetWindowTextW
SetWindowLongW
CloseTouchInputHandle
EnumChildWindows
ScreenToClient
EnumDisplayMonitors
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowLongW
DestroyAcceleratorTable
GetSystemMenu
SetMenuItemInfoW
CloseClipboard
SetClipboardData
ClipCursor
VkKeyScanW
DestroyIcon
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
TranslateAcceleratorW
GetAncestor
MapVirtualKeyExW
GetMessageW
CreateIcon
GetAsyncKeyState
CallNextHookEx
GetKeyState
AttachThreadInput
GetUpdateRect
PostThreadMessageW
ValidateRect
GetRawInputData
DispatchMessageW
TranslateMessage
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
GetMonitorInfoW
DefWindowProcW
GetKeyboardState
TrackPopupMenu
RegisterTouchWindow
GetSystemMetrics
FlashWindowEx
ReleaseCapture
GetCursorPos
SetCursorPos
SetCursor
LoadCursorW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
InvalidateRgn
SetWindowPos
GetWindowRect
ClientToScreen
SetWindowDisplayAffinity
MonitorFromPoint
IsIconic
IsWindowVisible
MonitorFromWindow
GetMenu
GetWindowLongPtrW
GetActiveWindow
SetMenu
CheckMenuItem
EnableMenuItem
PostMessageW
DestroyWindow
RegisterRawInputDevices
GetClientRect
RedrawWindow
IsWindow
RegisterClassW
SendMessageW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
FindWindowW
MessageBoxW
GetTouchInputInfo
GetMessageA

advapi32

RegQueryValueExW
RevertToSelf
ImpersonateAnonymousToken
RegOpenKeyExW
OpenProcessToken
RegGetValueW
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
SystemFunction036
EventUnregister
EventWriteTransfer
RegCloseKey
EventRegister
EventSetInformation

shell32

DragFinish
Shell_NotifyIconW
Shell_NotifyIconGetRect
CommandLineToArgvW
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW
SHAppBarMessage
SHCreateItemFromParsingName

ole32

CoCreateInstance
CoIncrementMTAUsage
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
RegisterDragDrop

ws2_32

WSASocketW
ioctlsocket
bind
WSAStartup
closesocket
WSASend
send
recv
getpeername
getsockname
setsockopt
shutdown
WSAGetLastError
connect
getsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
WSACleanup

comctl32

SetWindowSubclass
TaskDialogIndirect
RemoveWindowSubclass
DefSubclassProc

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateCertificateChain

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo

bcrypt

BCryptGenRandom

secur32

DecryptMessage
EncryptMessage
FreeContextBuffer
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
QueryContextAttributesW
DeleteSecurityContext
ApplyControlToken

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-math-l1-1-0

round
floor
__setusermatherr
trunc
pow

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
wcslen
_wcsicmp
wcsncmp

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
exit
_set_app_type
_exit
terminate
_seh_filter_exe
_crt_atexit
_initialize_narrow_environment
abort
_register_onexit_function
_initialize_onexit_table
__p___argc
__p___argv
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
_set_new_mode
malloc

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dadebb22c9fa6a2bce4326bd78d37e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

kernel32

user32

advapi32

shell32

ole32

ws2_32

comctl32

gdi32

dwmapi

crypt32

api-ms-win-core-winrt-l1-1-0

oleaut32

bcrypt

secur32

psapi

pdh

powrprof

uxtheme

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 6.3MB - Virtual size: 6.3MB

.data Size: 2KB - Virtual size: 14KB

.pdata Size: 352KB - Virtual size: 352KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 6.3MB - Virtual size: 6.3MB

.data
Size: 2KB - Virtual size: 14KB

.pdata
Size: 352KB - Virtual size: 352KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 38KB - Virtual size: 37KB