dwm[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dwm.exe
Size

117KB
MD5

f162d5f5e845b9dc352dd1bad8cef1bc
SHA1

35bc294b7e1f062ef5cb5fa1bd3fc942a3e37ae2
SHA256

8a7b7528db30ab123b060d8e41954d95913c07bb40cdae32e97f9edb0baf79c7
SHA512

7077e800453a4564a24af022636a2f6547bdae2c9c6f4ed080d0c98415ecc4fbf538109cbebd456e321b9b74a00613d647b63998e31925fbd841fc9d4613e851
SSDEEP

3072:i+EIisZcGeskKd0plOOcRYchcD26PS8dTJ2N:i+tXt2lWh9+dV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dwm.exe

Files

dwm.exe
.exe windows:6 windows x64 arch:x64

29a670698e6f399041442a2569276e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dwm.pdb

Imports

gdi32

GetDeviceCaps
D3DKMTSetProcessSchedulingPriorityClass
GetDIBits
CreateDIBSection
CreateCompatibleBitmap
BitBlt
DeleteDC
GetRgnBox
SelectObject
SelectClipRgn
CreateCompatibleDC
CombineRgn
OffsetRgn
GdiAlphaBlend
CreateRectRgn
GetStockObject
GetRandomRgn
DeleteObject

user32

GetMonitorInfoW
GetWindowThreadProcessId
GetWindowRect
OffsetRect
SetClassLongPtrW
GetClassNameW
MonitorFromWindow
AdjustWindowRectEx
GetWindow
CloseDesktop
GetPropW
EnumDisplayDevicesW
EnumDisplaySettingsW
GetSystemMetrics
RegisterErrorReportingDialog
RegisterGhostWindow
HungWindowFromGhostWindow
InternalGetWindowIcon
GhostWindowFromHungWindow
RegisterFrostWindow
OpenThreadDesktop
SetForegroundWindow
SystemParametersInfoW
GetUserObjectInformationW
GetThreadDesktop
UnregisterSessionPort
RegisterSessionPort
CheckDesktopByThreadId
DwmStopRedirection
DwmStartRedirection
IsHungAppWindow
MessageBeep
IsWindowEnabled
EnumWindows
FlashWindowEx
GetWindowLongW
SendMessageTimeoutW
IsWindow
GetCaretBlinkTime
EndTask
OpenDesktopW
IsDialogMessageW
GetAncestor
SetThreadDesktop
EndPaint
ClientToScreen
InternalGetWindowText
GetUpdateRgn
SetTimer
IsIconic
FillRect
KillTimer
IsZoomed
GetTitleBarInfo
GetWindowInfo
LogicalToPhysicalPoint
GetWindowLongPtrW
GetClientRect
BeginPaint
ChangeWindowMessageFilterEx
InvalidateRect
GetWindowTextW
GetDCEx
ShowWindow
GetSysColorBrush
CreateDialogParamW
PostThreadMessageW
IsWindowVisible
SetWindowLongPtrW
SendMessageW
UpdateWindow
SetWindowTextW
GetGuiResources
SetWindowPos
LoadStringW
LoadIconW
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterPowerSettingNotification
ReleaseDC
GetDC
PostQuitMessage
DestroyWindow
UnregisterPowerSettingNotification
DefWindowProcW
CreateWindowExW
RegisterClassExW
PostMessageW
MsgWaitForMultipleObjectsEx
DestroyIcon

msvcrt

__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
memcpy
memset
_wcsnicmp
_wcsupr_s
wcschr
wcsncpy_s
wcsrchr
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
rand
srand
_wcsicmp
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_purecall
_vsnwprintf
memmove
__getmainargs
_XcptFilter
_exit
sqrt

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlCaptureStackBackTrace
WinSqmAddToStreamEx
NtReplyPort
NtCreateWaitablePort
WinSqmIsOptedIn
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtRequestPort
NtConnectPort
NtRequestWaitReplyPort
WinSqmIncrementDWORD
RtlFreeSid
NtQueryInformationProcess
NtWaitForSingleObject
RtlNtStatusToDosError
NtClose
NtOpenEvent
NtAlpcSendWaitReceivePort
EtwEventWriteNoRegistration
NtAlpcConnectPort
RtlAllocateAndInitializeSid
RtlUpcaseUnicodeChar
RtlInitUnicodeString
RtlInsertElementGenericTable
RtlIsGenericTableEmpty
RtlLookupElementGenericTable
RtlInitializeGenericTable
EtwEventEnabled
EtwEventRegister
EtwEventUnregister
RtlEnumerateGenericTableWithoutSplaying
RtlDeleteElementGenericTable
WinSqmAddToStream
EtwEventWrite

uxtheme

CloseThemeData
OpenThemeData

imm32

ImmDisableIME

dwmredir

DwmRedirectionManagerWaitForMultipleObjects
DwmRedirectionManagerLockMemoryAllocations
DwmRedirectionManagerEnableMMCSS
DwmRedirectionManagerPlayingVideo
DwmInitializeTransport
DwmShutdownTransport
DwmRedirectionManagerShutdown
DwmRedirectionManagerShouldRemainOnHibernate
DwmRedirectionManagerDispatchMessage
DwmRedirectionManagerFailMessage
DwmVersionCheck

dwmcore

MilChannel_CommitChannel
MilComposition_WaitForNextMessage
MilResource_SendCommand
MilConnection_DestroyChannel
MilConnection_ClearSfmEventOnPartition
MilConnection_HandleSfmEventOnPartition
MilConnection_CreateChannel
MilChannel_GetMarshalType
MilComposition_PeekNextMessage
MilCompositionEngine_UpdateSchedulerSettings

kernel32

GetStartupInfoW
LocalFree
LocalAlloc
ResumeThread
DuplicateHandle
lstrcmpiW
WaitForMultipleObjectsEx
IsWow64Process
RegSetValueExW
RegCreateKeyExW
RegGetValueW
SetThreadPriority
CreateThread
OpenProcess
ReleaseMutex
QueryPerformanceCounter
SetEvent
OpenEventW
SignalObjectAndWait
UnhandledExceptionFilter
TerminateProcess
TerminateThread
GetCurrentThread
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
GetModuleHandleW
DelayLoadFailureHook
LoadLibraryExA
FreeLibrary
Sleep
GetUserDefaultLangID
FormatMessageW
GetExitCodeThread
WaitForSingleObject
RegisterWaitForSingleObject
GetThreadId
GetTickCount
ProcessIdToSessionId
CreateEventW
GetCurrentProcessId
SetProcessWorkingSetSize
GetSystemInfo
GetCurrentProcess
GetProcAddress
LoadLibraryW
SetErrorMode
QueryFullProcessImageNameW
ExitProcess
GetSystemTimeAsFileTime
CreateMutexW
GetCurrentThreadId
SetProcessShutdownParameters
SetUnhandledExceptionFilter
HeapSetInformation
WerSetFlags
SetLastError
CloseHandle
GetLastError
GetTickCount64
DeleteCriticalSection
InitializeCriticalSection
QueueUserWorkItem
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29a670698e6f399041442a2569276e18

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

msvcrt

ntdll

uxtheme

imm32

dwmredir

dwmcore

kernel32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 328B