mimikatz | 101186-checker (225)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

101186-checker (225).exe
Size

6.9MB
MD5

32239cf8ee32f98a3c0a9e3349dd634e
SHA1

9a76d6a82b1aa47b33713bcde6d41abe3f29dbf2
SHA256

1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be
SHA512

b67c15b81638a8163f9af11c1291aad249868eb9f4b9ce663a0e2741a0057c1b4557e505b7bb87fcd4d6ba1c5082ba0adb4730ae8fe608647066c502c3fc35b6
SSDEEP

98304:/Qv1/G7ec05ABjE40JpJRD5VECf2w3L2vuQ:Iv9GCdHzV9O8L2F

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
sample	mimikatz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
101186-checker (225).exe

Files

101186-checker (225).exe
.exe windows:6 windows x86 arch:x86

1b592c1c6260c7ecc488f8559ad29e2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\paid_memes\wmi_smb_rdp_checker\Release\checker.pdb

Imports

urlmon

URLOpenBlockingStreamA

winmm

waveInClose
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInStart
waveInReset
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
waveOutGetNumDevs
timeEndPeriod
timeBeginPeriod
waveOutWrite

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

WSACloseEvent
send
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
ntohs
WSASetLastError
inet_ntop
setsockopt
closesocket
WSACreateEvent
inet_addr
socket
connect
getsockopt
htons
ioctlsocket
WSACleanup
WSAStartup
WSAIoctl
inet_pton
__WSAFDIsSet
accept
select
bind
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
WSAEnumNetworkEvents
gethostname

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringW
GetFileSizeEx
SetFilePointer
SetFilePointerEx
SetErrorMode
GetTickCount
GetModuleFileNameW
MulDiv
SetThreadExecutionState
ExitProcess
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateDirectoryW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
VerSetConditionMask
CreateFileA
DeviceIoControl
GetOverlappedResult
CancelIo
ResetEvent
CreateEventW
LocalFree
FormatMessageW
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
CompareStringA
GetModuleHandleExW
GetSystemPowerStatus
GetLocaleInfoA
HeapSize
TlsFree
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AssignProcessToJobObject
GetSystemTimeAsFileTime
GetModuleHandleW
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
CompareStringEx
GetExitCodeThread
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
GetLocaleInfoEx
FormatMessageA
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetCurrentDirectoryW
lstrlenW
FindNextFileW
FindFirstFileW
FindClose
CreateMutexW
ReleaseMutex
GetModuleHandleA
SleepEx
GetCurrentProcessId
WaitForMultipleObjects
GetFileType
MoveFileExW
InitializeCriticalSectionEx
SetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Wow64DisableWow64FsRedirection
WriteFile
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
SizeofResource
ReadFile
GetConsoleWindow
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetWindowsDirectoryW
CloseHandle
GetLastError
IsWow64Process
CreateProcessW
FindResourceW
LoadResource
LockResource
Wow64RevertWow64FsRedirection
CreateFileW
WaitForSingleObject
PeekNamedPipe
CreatePipe
GetSystemDirectoryW
CreateJobObjectW
SetInformationJobObject
WriteConsoleW
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
DeleteFileW
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
GetExitCodeProcess
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap

user32

GetClipboardData
EmptyClipboard
CloseClipboard
SetClipboardData
MessageBoxW
MessageBoxA
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
OpenClipboard
GetAsyncKeyState
SetWindowRgn
GetDesktopWindow
GetRawInputDeviceInfoA
GetRawInputDeviceList
PostThreadMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
DrawTextW
SystemParametersInfoA
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
ShowWindow
IsWindowVisible
TrackMouseEvent
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageExtraInfo
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowPos
IsIconic
GetKeyState
SetTimer
KillTimer
GetSystemMetrics
GetMenu
GetForegroundWindow
GetDC
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
MapVirtualKeyW
ToUnicode
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
GetClipboardSequenceNumber
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetDoubleClickTime
RegisterWindowMessageA
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
IsRectEmpty
FillRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
GetCursorPos
SetCursor
AdjustWindowRectEx
GetWindowRect

gdi32

DeleteDC
CreateCompatibleDC
DeleteObject
CreateSolidBrush
SelectObject
CreateDIBSection
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
GetDIBits
CreateBitmap
GetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
CombineRgn
CreateRectRgn
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
BitBlt
CreateFontIndirectW
GetTextExtentPoint32A
GetTextMetricsW

advapi32

CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext

shell32

SHGetFolderPathW
DragAcceptFiles
ShellExecuteW
DragFinish
ExtractIconExW
DragQueryFileW

ole32

PropVariantClear
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmGetIMEFileNameA
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow

bcrypt

BCryptGenRandom

setupapi

CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
CM_Locate_DevNodeA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b592c1c6260c7ecc488f8559ad29e2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

winmm

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imm32

bcrypt

setupapi

crypt32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 634KB - Virtual size: 633KB

.data Size: 98KB - Virtual size: 136KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 106KB - Virtual size: 106KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 634KB - Virtual size: 633KB

.data
Size: 98KB - Virtual size: 136KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 106KB - Virtual size: 106KB