usermode (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

usermode (1).exe
Size

290KB
MD5

2a29b5b558766e77daef069fae923ea5
SHA1

a4363554e8769009a55c2fd795354538bb9a032f
SHA256

fae3d17d4bd5780f2b756513b84eee90a3f72ea4f47b52b5d36cca2ebbefcc7a
SHA512

0a122e27b1631e5dd5d47818b4581ea6d2a7399934fe03a278e5663a18446d7fe7e097abe0dd9d2d296d202661dc615f44c951566cc1bd989b249626cef5d90b
SSDEEP

6144:heDiUyZm7B2Ep2Sco7GRuy8FjiqNaP9Yn2x8Peyeu:heDiX4nxS38FjNcYn2y7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
usermode (1).exe

Files

usermode (1).exe
.exe windows:6 windows x64 arch:x64

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\stock\Desktop\kainite src\kainite src\ioctl base updated by redshirtfan\build\usermode\usermode.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
CreateThread
lstrcmpiA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalFree
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
ReleaseSRWLockExclusive
GlobalAlloc
AcquireSRWLockExclusive
UnhandledExceptionFilter

user32

mouse_event
TranslateMessage
SetLayeredWindowAttributes
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
LoadIconA
CreateWindowExA
SetClipboardData
PeekMessageA
GetDesktopWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
ClientToScreen
RegisterClassExA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
memcpy
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
fwrite
ftell
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
_set_fmode
__p__commode
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

terminate
_c_exit
__p___argv
exit
__p___argc
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-math-l1-1-0

floorf
__setusermatherr
pow
ceilf
sqrt
sinf
powf
tanf
cosf
asin
atan2
sqrtf
fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

imm32

msvcp140

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 231KB - Virtual size: 230KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 412B

.text
Size: 231KB - Virtual size: 230KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 412B