usermode[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

usermode.exe
Size

290KB
MD5

839d213f1772545e4240bb1c7077a121
SHA1

a9e590a1f7d78a7055aaa816d3c9d7516dcc623e
SHA256

c87a68223d7faf65c37aca8850523ea48f3df04d6316fc92a08df04d76533f17
SHA512

af06cac728389ff0272f622bf40563fcd7ed31a86f81726cb95584474d57a0cf1d571291911ec3cee2b300934135b10e82c9223dae9c9473f9f612ba31daf8ac
SSDEEP

6144:s9/mZ1UIE+zbEWEC2RbNaZ21tkU8dtmV5idnc9zP7yeu:s9/mZ1xNgJ4ekU8dndncI7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
usermode.exe

Files

usermode.exe
.exe windows:6 windows x64 arch:x64

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jacob\Downloads\kainite src\kainite src\ioctl base updated by redshirtfan\build\usermode\usermode.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
CreateThread
lstrcmpiA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalFree
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
ReleaseSRWLockExclusive
GlobalAlloc
AcquireSRWLockExclusive
UnhandledExceptionFilter

user32

mouse_event
TranslateMessage
SetLayeredWindowAttributes
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
LoadIconA
CreateWindowExA
SetClipboardData
PeekMessageA
GetDesktopWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
ClientToScreen
RegisterClassExA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
memcpy
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
fwrite
ftell
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
_set_fmode
__p__commode
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

terminate
_c_exit
__p___argv
exit
__p___argc
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-math-l1-1-0

floorf
__setusermatherr
pow
ceilf
sqrt
sinf
powf
tanf
cosf
asin
atan2
sqrtf
fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

imm32

msvcp140

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 230KB - Virtual size: 230KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 412B

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 412B