Static task: static1
Behavioral task: behavioral1
Sample: SearchFilterHost.exe
Resource: win10-20230220-es
Behavioral task: behavioral2
Sample: SearchFilterHost.exe
Resource: win10v2004-20230220-es
General
Target: SearchFilterHost.exe
Size: 266KB
MD5: 9c0ad4380edbd759382a2fe65740737d
SHA1: aa16dd64b68150e18a3f0612ed6ae3e83169087e
SHA256: 289e599c32d569a4f5993b2e0d78f07415b8b32ac8b31b9d35eb63bbeae45d55
SHA512: 31815ee7b21b66a0382ed028239aedff6806079008abec00af58bff7d27f3c5c174e78eb14798d2f8c8891fd02d0cbaaeae182abf40d18e5fde2af9565c5a3b6
SSDEEP: 6144:/3qkurnu78XKpjbFc2nOQt6rkR10efUK:OrnuIXKpndOQ6Qztf
Malware Config
Signatures
Files
-
SearchFilterHost.exe.exe windows x64
25975932fe65b44ea2dd939dc008d453
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
_exit
exit
__set_app_type
realloc
?terminate@@YAXXZ
_lock
__wgetmainargs
_cexit
_unlock
__dllonexit
__setusermatherr
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
toupper
bsearch
_fmode
wcsncmp
_wcsnicmp
_wcsicmp
_commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
strerror
__CxxFrameHandler3
wcsncpy_s
malloc
_itow_s
memmove_s
free
_vsnprintf_s
_wtoi64
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_wtoi
memcpy_s
_vsnwprintf
_initterm
__C_specific_handler
_amsg_exit
_errno
wcscmp
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventProviderEnabled
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-security-base-l1-1-0
GetAclInformation
SetSecurityDescriptorOwner
GetAce
CopySid
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
CreateWellKnownSid
AddAccessAllowedAce
SetSecurityDescriptorGroup
GetTokenInformation
SetSecurityDescriptorDacl
oleaut32
VarUI4FromStr
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
LoadResource
FindResourceExW
SizeofResource
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
LoadStringW
GetModuleFileNameW
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
LookupAccountSidW
api-ms-win-core-com-l1-1-0
StringFromCLSID
PropVariantCopy
CoInitializeSecurity
CoCreateInstance
CoReleaseMarshalData
CoUninitialize
CoGetMarshalSizeMax
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterface
CoTaskMemAlloc
PropVariantClear
CoInitializeEx
CreateStreamOnHGlobal
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
WaitForSingleObjectEx
ResetEvent
SetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
LeaveCriticalSection
CreateEventW
ReleaseMutex
OpenEventW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
RaiseException
SetLastError
api-ms-win-core-handle-l1-1-0
GetHandleInformation
CloseHandle
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThread
GetProcessTimes
OpenProcessToken
GetCurrentProcessId
SetPriorityClass
GetCurrentThreadId
GetCurrentProcess
OpenThreadToken
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-processthreads-l1-1-1
GetThreadTimes
SetProcessMitigationPolicy
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalAlloc
GlobalFree
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
tquery
ciNewNoThrow
ciNew
ciDelete
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
ntdll
EtwEventWriteTransfer
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-rtcore-ntuser-window-l1-1-0
DispatchMessageW
PeekMessageW
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjects
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ