Dock_64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dock_64.exe
Size

16.4MB
MD5

5a08f253b18003a7ac233312379811a4
SHA1

0eddccd093962db65d7169bf8285cb30e98ea816
SHA256

a74c8f276fed3440a3aa69b74caea2fee5c65206879dfd79407380f5a48b090c
SHA512

f337b9a1c500c8123a3a1c754eae70827c3d0f47aa6a1181c16ee44c2b818b5868cac95d39d6f5e032520f5f0b28dfa933427a5a33eb1cb0fd46083450a74c10
SSDEEP

98304:rf7wYMkOs4XoXKP1OBkycKRUSJYa1qJWMsd3AfRFklSR:rp74XoXKP1OBzcK+SSCpMu2RFklS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dock_64.exe

Files

Dock_64.exe
.exe windows:6 windows x64 arch:x64

15aecf1787b88fa956c1bad1beb18527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Dock1.9.9.9\x64\Release\Dock_64.pdb

Imports

api-ms-win-core-com-l1-1-0

StringFromGUID2
CLSIDFromString
CoInitializeEx
PropVariantClear
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW
LoadLibraryA

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadStringW
LoadLibraryExW
SizeofResource
FreeLibrary
LoadResource
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
FreeLibraryAndExitThread

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW
SystemParametersInfoW
GetSystemMetrics
EnumDisplayMonitors
GetMonitorInfoW

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear
SetErrorInfo

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetLogicalDriveStringsW
CreateFileW
GetFileTime
GetDiskFreeSpaceExW
CreateDirectoryW
FlushFileBuffers
SetFileAttributesW
ReadFile
WriteFile
GetFinalPathNameByHandleW
GetShortPathNameW
GetLongPathNameW
GetFileSize
GetVolumeInformationW
SetFilePointerEx
DeleteFileW
FindFirstFileExW
FindClose
GetFileType
GetFileAttributesExW
FindNextFileW
GetFileSizeEx
SetFileTime
SetFilePointer
GetFileAttributesW
LocalFileTimeToFileTime
GetFileInformationByHandle
SetEndOfFile

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW

api-ms-win-core-synch-l1-2-0

Sleep

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDevice
CreateDirect3D11DeviceFromDXGIDevice

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod
timeGetTime

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
TlsSetValue
ExitProcess
GetCurrentProcess
ExitThread
CreateThread
TlsFree
CreateProcessW
OpenThread
GetCurrentProcessId
GetExitCodeProcess
TlsGetValue
TerminateProcess
GetCurrentThreadId
OpenProcessToken
TlsAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MoveFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo
QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-kernel32-legacy-l1-1-1

SetDllDirectoryW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetSystemDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetUserDefaultLCID
LCMapStringW
EnumSystemLocalesW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
SetEvent
OpenEventW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetWaitableTimer
TryEnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
CreateEventW

api-ms-win-service-management-l1-1-0

OpenSCManagerW

dwrite

DWriteCreateFactory

d2d1

ord2
ord1

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetWindowsDirectoryW
GetSystemTime
GetLocalTime
GetSystemDirectoryW
GetTickCount64
GlobalMemoryStatusEx

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW

rpcrt4

UuidFromStringW

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Get_Parent

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegEnumKeyW
RegOpenKeyW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
FreeEnvironmentStringsW
GetStdHandle
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCommandLineA
SetStdHandle
GetEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc

ext-ms-win-networking-wlanapi-l1-1-0

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanQueryInterface
WlanSetProfile
WlanGetAvailableNetworkList
WlanOpenHandle
WlanGetProfileList

iphlpapi

GetAdaptersInfo

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

powrprof

SetSuspendState
PowerReadFriendlyName
PowerSetActiveScheme
PowerEnumerate

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualAllocEx
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
ReadProcessMemory

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-processthreads-l1-1-2

GetSystemTimes

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
CreateToolhelp32Snapshot
Process32FirstW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-debug-l1-1-1

ContinueDebugEvent
WaitForDebugEvent

wlanapi

WlanDisconnect
WlanScan
WlanConnect
WlanRegisterNotification

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringLen
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

oleacc

WindowFromAccessibleObject
AccessibleChildren
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmAssociateContext

user32

MoveWindow
GetWindow
GetWindowPlacement
SetForegroundWindow
GetTouchInputInfo
CloseTouchInputHandle
TrackMouseEvent
DeregisterShellHookWindow
SetWinEventHook
SendMessageW
MsgWaitForMultipleObjects
CallNextHookEx
SetWindowsHookExW
PeekMessageW
GetAncestor
AllowSetForegroundWindow
BeginPaint
keybd_event
OpenClipboard
CloseClipboard
GetMessageExtraInfo
EmptyClipboard
ExitWindowsEx
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
SetWindowPlacement
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
QueryDisplayConfig
GetDisplayConfigBufferSizes
DisplayConfigSetDeviceInfo
DisplayConfigGetDeviceInfo
EnumDisplaySettingsW
SetCursor
SetDisplayConfig
GetDpiForWindow
GetDoubleClickTime
CreatePopupMenu
DestroyMenu
GetParent
IsGUIThread
GetKeyState
EndPaint
RegisterClassExW
WindowFromPoint
LoadIconW
UpdateLayeredWindow
GetKeyboardLayoutList
LoadKeyboardLayoutW
SetWindowLongW
RegisterShellHookWindow
SendMessageTimeoutA
UnhookWinEvent
DestroyIcon
GetShellWindow
GetLayeredWindowAttributes
SetMenu
SetLayeredWindowAttributes
GetClassNameW
IsZoomed
SetWindowsHookExA
IsIconic
GetWindowTextW
GetKeyboardLayout
LockWorkStation
AttachThreadInput
SetFocus
ActivateKeyboardLayout
GetWindowTextLengthW
GetDC
SetActiveWindow
ReleaseDC
GetWindowLongW
ShowWindowAsync
UpdateLayeredWindowIndirect
GetDesktopWindow
SendNotifyMessageW
wsprintfW
LoadCursorW
SwitchToThisWindow
GetSystemMenu
SetWindowTextW
SendMessageTimeoutW
SendMessageA
IsWindow
PostMessageA
RegisterWindowMessageW
GetWindowTextLengthA
FindWindowW
GetMenuStringW
GetSubMenu
GetMenuItemCount
IsWindowVisible
GetMenu
GetMenuItemID
GetWindowRect
FindWindowExW
GetMenuState
GetCursorPos
SetWindowLongPtrA
PostQuitMessage
KillTimer
GetWindowLongPtrA
TranslateMessage
SetPropW
TranslateAcceleratorW
ChangeWindowMessageFilter
UnhookWindowsHookEx
GetForegroundWindow
RegisterHotKey
RegisterTouchWindow
SetTimer
DispatchMessageW
LoadAcceleratorsW
RemovePropW
CreateWindowExW
GetPropW
MessageBoxW
SetWindowPos
DestroyWindow
PostMessageW
UnregisterHotKey
DefWindowProcW
GetMessageW
GetWindowThreadProcessId
FindWindowA
GetWindowLongA
FindWindowExA
SetWindowLongA
IsHungAppWindow
ShowWindow
EnableWindow
IsWindowEnabled
CloseWindow

ole32

OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoInitialize

cfgmgr32

CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
EnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlPcToFileHeader
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetCompressedFileSizeW
GetSystemTimeAsFileTime
CompareStringEx
RtlCaptureContext
GetStringTypeW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
WakeConditionVariable

shell32

SHGetFolderLocation
ShellExecuteExW
SHBindToParent
SHGetKnownFolderPath
ord6
DragAcceptFiles
DragFinish
DragQueryFileW
SHCreateItemFromIDList
SHGetPathFromIDListW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHCreateItemFromParsingName
ord727
ord88
ord190
ord195
SHCreateShellItemArrayFromIDLists
SHBrowseForFolderW
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteW
SHParseDisplayName
SHGetPropertyStoreForWindow
SHQueryUserNotificationState
SHEmptyRecycleBinW
ord155
SHOpenFolderAndSelectItems
SHCreateItemInKnownFolder

advapi32

CloseServiceHandle
ControlService
GetUserNameW
InitiateShutdownW
OpenServiceW

winmm

PlaySoundW

shlwapi

PathFileExistsW
PathIsNetworkPathW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveBackslashW
PathIsDirectoryW
StrStrIA
ord176
StrStrIW
ord487
StrRetToBufW

gdi32

SelectObject
GetPixel
DeleteObject
GetObjectW
BitBlt
Rectangle
SetDIBitsToDevice
CreatePen
CreateCompatibleDC
GetDeviceCaps
SetBkMode
DeleteDC
GetBitmapBits
GetStockObject
SetLayout
CreateDIBSection

dwmapi

DwmIsCompositionEnabled
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmQueryThumbnailSourceSize
DwmGetWindowAttribute
DwmSetWindowAttribute

msimg32

AlphaBlend

dxva2

GetMonitorBrightness
SetMonitorBrightness
GetNumberOfPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetPhysicalMonitorsFromHMONITOR

steam_api64

SteamAPI_UnregisterCallback
SteamAPI_ReleaseCurrentThreadMemory
SteamAPI_UnregisterCallResult
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamAPI_RunCallbacks
SteamAPI_Init
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallback
SteamAPI_RegisterCallResult

dbghelp

MiniDumpWriteDump

imagehlp

MapFileAndCheckSumW

virtdisk

DetachVirtualDisk
GetStorageDependencyInformation
OpenVirtualDisk

bluetoothapis

BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothGetRadioInfo
BluetoothSetServiceState

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

version

GetFileVersionInfoSizeW

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw

rasapi32

RasGetEntryDialParamsW
RasHangUpW
RasEnumConnectionsW
RasEnumEntriesW
RasDialW

pdh

PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhRemoveCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-console-l1-1-0

ReadConsoleW
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15aecf1787b88fa956c1bad1beb18527

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-ntuser-sysparams-l1-1-0

oleaut32

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-0

d3dcompiler_47

d3d11

api-ms-win-mm-time-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-management-l1-1-0

dwrite

d2d1

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

rpcrt4

api-ms-win-devices-config-l1-1-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

ext-ms-win-networking-wlanapi-l1-1-0

iphlpapi

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-file-l1-2-0

powrprof

api-ms-win-core-memory-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-debug-l1-1-1

wlanapi

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-1

oleacc

imm32

user32

ole32

cfgmgr32

comdlg32

.text
Size: 6.0MB - Virtual size: 6.0MB

.rdata
Size: 8.9MB - Virtual size: 8.9MB

.data
Size: 115KB - Virtual size: 131KB

.pdata
Size: 214KB - Virtual size: 213KB

_RDATA
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 9KB - Virtual size: 8KB