windows_krokiet[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

windows_krokiet.exe
Size

23.3MB
MD5

02c88b24420c0108e177d774fece9834
SHA1

99a8728089e6289f95de573df2f4a4b227dc1ec3
SHA256

c98191d420f3c66f56fab9e232e604c354ecae30513b79497f8430f6111be42c
SHA512

6c1c1e8ec379b6a9b0bcb36488e61099b72e6f3008f6937497161a60a5e6e64317b51f95fa6915d66812f048acde9ea6ac35fbe42afb1f7713e578b297dd4771
SSDEEP

196608:pnf51+XFSDcJbfUP778/rMLZScPdGT2rTiG1ekhoCDzxkQyEmc6M4DLjBaVAMm:dJcDMLE52rTiG1ekhoCDzxkQyEmEAlH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
windows_krokiet.exe

Files

windows_krokiet.exe
.exe windows:4 windows x64 arch:x64

056b25d65eba96b1d57128ea753a5125

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptGenRandom

dwmapi

DwmEnableBlurBehindWindow

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleDC
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
SelectObject
SetPixelFormat
SwapBuffers

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetUserDefaultLocaleName
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFileEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetConsoleTextAttribute
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadErrorMode
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualProtect
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx
lstrlenW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler

ntdll

NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

opengl32

wglCreateContext
wglDeleteContext
wglGetCurrentContext
wglGetProcAddress
wglMakeCurrent
wglShareLists

shell32

DragFinish
DragQueryFileW
SHCreateItemFromParsingName
SHGetKnownFolderPath

user32

AdjustWindowRectEx
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIcon
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnableMenuItem
GetActiveWindow
GetAsyncKeyState
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipCursor
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMenu
GetMessageW
GetMonitorInfoW
GetRawInputData
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
InvalidateRgn
IsProcessDPIAware
KillTimer
LoadCursorW
MapVirtualKeyExW
MapVirtualKeyW
MonitorFromRect
MonitorFromWindow
OpenClipboard
PeekMessageW
PostMessageW
RedrawWindow
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetForegroundWindow
SetTimer
SetWindowDisplayAffinity
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowCursor
ShowWindow
SystemParametersInfoA
ToUnicodeEx
TrackMouseEvent
TranslateMessage
ValidateRect

uxtheme

SetWindowTheme

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_fpreset
_initterm
_onexit
abort
acos
acosf
atan
atan2
atan2f
calloc
ceil
ceilf
cos
cosf
exit
expf
floor
floorf
fmod
fmodf
fprintf
free
frexp
fwrite
log
malloc
memcmp
memcpy
memmove
memset
pow
powf
signal
sin
sinf
strlen
strncmp
tan
tanf
vfprintf
wcslen
_hypot

Sections

.text
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/47
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/86
Size: 906KB - Virtual size: 905KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/108
Size: 512B - Virtual size: 450B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

056b25d65eba96b1d57128ea753a5125

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

dwmapi

gdi32

imm32

kernel32

ntdll

ole32

oleaut32

opengl32

shell32

user32

uxtheme

msvcrt

Sections

.text Size: 15.0MB - Virtual size: 15.0MB

.data Size: 5KB - Virtual size: 4KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.pdata Size: 169KB - Virtual size: 168KB

.xdata Size: 863KB - Virtual size: 862KB

.bss Size: - Virtual size: 588KB

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 128B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 79KB - Virtual size: 78KB

/4 Size: 4KB - Virtual size: 3KB

/19 Size: 447KB - Virtual size: 447KB

/35 Size: 845KB - Virtual size: 845KB

/47 Size: 17KB - Virtual size: 16KB

/61 Size: 254KB - Virtual size: 254KB

/73 Size: 4KB - Virtual size: 3KB

/86 Size: 906KB - Virtual size: 905KB

/97 Size: 20KB - Virtual size: 20KB

/108 Size: 512B - Virtual size: 450B

/124 Size: 345KB - Virtual size: 344KB

.text
Size: 15.0MB - Virtual size: 15.0MB

.data
Size: 5KB - Virtual size: 4KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.pdata
Size: 169KB - Virtual size: 168KB

.xdata
Size: 863KB - Virtual size: 862KB

.bss
Size: - Virtual size: 588KB

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 128B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 79KB - Virtual size: 78KB

/4
Size: 4KB - Virtual size: 3KB

/19
Size: 447KB - Virtual size: 447KB

/35
Size: 845KB - Virtual size: 845KB

/47
Size: 17KB - Virtual size: 16KB

/61
Size: 254KB - Virtual size: 254KB

/73
Size: 4KB - Virtual size: 3KB

/86
Size: 906KB - Virtual size: 905KB

/97
Size: 20KB - Virtual size: 20KB

/108
Size: 512B - Virtual size: 450B

/124
Size: 345KB - Virtual size: 344KB