mimikatz | 101184-checker (222)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

101184-checker (222).exe
Size

6.5MB
MD5

f2465e305c6ffe9853928c9127f53485
SHA1

fdb01ab55c0ec4da517bb6374b0e99174d3f95cc
SHA256

d00f7cf6af68ba832b9d364f28411346cfe66fd3b1f5bcac318766add29ff7f0
SHA512

9817f124fc2cf84017178f8f117be92e7a648d880f9ff8f0cb4f3d5a0bb138f20c7f0e57866037cb03d8451f2e29918e2d7b258193fc29e5d8fdddc145614684
SSDEEP

98304:BX1wNXR+xxWjSk/z0A9D5VECf2w3L2vuQ+:h1wNBvN7V9O8L2F

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
101184-checker (222).exe

Files

101184-checker (222).exe
.exe windows:6 windows x86 arch:x86

97bb47472cc3fa3c853540f6d0e7feb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\paid_memes\wmi_smb_rdp_checker\Release\checker.pdb

Imports

urlmon

URLOpenBlockingStreamA

winmm

waveInUnprepareHeader
waveInStart
waveInAddBuffer
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutGetNumDevs
timeEndPeriod
timeBeginPeriod
waveInPrepareHeader
waveInReset

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

setsockopt
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
inet_pton
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
__WSAFDIsSet
WSAIoctl
accept
bind
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
gethostname
getsockopt
connect
socket
inet_addr
select
htons
ioctlsocket
WSACleanup
WSAStartup
closesocket
WSAEventSelect

kernel32

GetProcAddress
LoadLibraryA
OutputDebugStringW
GetFileSizeEx
SetFilePointer
SetFilePointerEx
SetErrorMode
GetTickCount
GetModuleFileNameW
MulDiv
SetThreadExecutionState
ExitProcess
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateDirectoryW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
VerSetConditionMask
CreateFileA
DeviceIoControl
GetOverlappedResult
CancelIo
ResetEvent
CreateEventW
LocalFree
FormatMessageW
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
CompareStringA
GetModuleHandleExW
GetSystemPowerStatus
GetLocaleInfoA
IsWow64Process
GetModuleHandleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
GetExitCodeProcess
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
TlsFree
RtlUnwind
CreateProcessW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
CompareStringEx
GetExitCodeThread
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
GetLocaleInfoEx
FormatMessageA
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetCurrentDirectoryW
GetModuleHandleA
SleepEx
WaitForMultipleObjects
AssignProcessToJobObject
Wow64DisableWow64FsRedirection
WriteFile
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
SizeofResource
ReadFile
GetConsoleWindow
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetWindowsDirectoryW
CloseHandle
GetLastError
GetSystemDirectoryW
CreateJobObjectW
SetInformationJobObject
GetFileType
GetCurrentProcessId
MoveFileExW
InitializeCriticalSectionEx
SetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
FindResourceW
LoadResource
LockResource
Wow64RevertWow64FsRedirection
CreateFileW
WaitForSingleObject
PeekNamedPipe
InitializeSListHead
CreatePipe

user32

MessageBoxW
TrackMouseEvent
EnumDisplayMonitors
SetCapture
GetMessageW
GetAsyncKeyState
DispatchMessageW
PeekMessageW
GetMessageExtraInfo
PostMessageW
DefWindowProcW
ShowWindow
SetClipboardData
GetClipboardData
OpenClipboard
CloseClipboard
TranslateMessage
EmptyClipboard
MessageBoxA
IsWindowVisible
MonitorFromRect
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowPos
IsIconic
GetKeyState
SetTimer
KillTimer
GetSystemMetrics
GetMenu
GetForegroundWindow
GetDC
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
GetClipCursor
ClientToScreen
ScreenToClient
ClipCursor
FillRect
IsRectEmpty
GetWindowLongW
CallNextHookEx
LoadIconW
DestroyIcon
GetRawInputData
RegisterWindowMessageA
GetDoubleClickTime
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
GetClipboardSequenceNumber
IsClipboardFormatAvailable
GetKeyboardLayout
GetKeyboardState
ToUnicode
MapVirtualKeyW
ReleaseDC
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
MonitorFromPoint
ReleaseCapture
SystemParametersInfoA
DrawTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostThreadMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetDesktopWindow
SetWindowRgn
MonitorFromWindow
SetCursorPos
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
GetMonitorInfoW

gdi32

GetTextMetricsW
GetTextExtentPoint32A
CreateFontIndirectW
BitBlt
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateRectRgn
CombineRgn
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateBitmap
GetDIBits
GetDeviceCaps
CreateDCW
CreateCompatibleBitmap
CreateDIBSection
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
CreateSolidBrush

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext

shell32

DragQueryFileW
ExtractIconExW
SHGetFolderPathW
DragAcceptFiles
ShellExecuteW
DragFinish

ole32

CoUninitialize
PropVariantClear
CLSIDFromString
CoInitializeEx
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString

imm32

ImmGetContext
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmGetIMEFileNameA
ImmReleaseContext
ImmSetCompositionWindow

bcrypt

BCryptGenRandom

setupapi

SetupDiGetClassDevsA
CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
CM_Locate_DevNodeA

crypt32

PFXImportCertStore
CryptStringToBinaryW
CertAddCertificateContextToStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97bb47472cc3fa3c853540f6d0e7feb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

winmm

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imm32

bcrypt

setupapi

crypt32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 500KB - Virtual size: 499KB

.data Size: 98KB - Virtual size: 126KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 97KB - Virtual size: 96KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 500KB - Virtual size: 499KB

.data
Size: 98KB - Virtual size: 126KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 97KB - Virtual size: 96KB