explorer[.]exe

Resubmissions

13/05/2023, 03:20

230513-dvzx8ahf5x 1

13/05/2023, 03:17

230513-ds6b8afd68 1

13/05/2023, 03:13

230513-dq81bsfd66 1

Sharing

Copy URL Twitter E-mail

General

Target

explorer.exe
Size

4.8MB
MD5

6d2674dffd5aab48a3990c423ffb3f70
SHA1

4d5fd6e97f11a816b7f8b369438c76647369625a
SHA256

0047b22273e358f138ca1839404327778368329f042091f935034c146309c798
SHA512

d3da8b437357f92813cc8b5312f7862e52e117015b3e6f1624bed90442cf3435a94a73e87136e5fc41627272ee75a6d0eb6ac29a773b615262fa423f43aeb970
SSDEEP

49152:A09w7U5J8ck84abcS4wjzkj1Q88s22xg7OcWD3/nDN4cMFwok8wNMsX/3n2BnujM:XY2c+BuYvwUNUpQ9jyxELbw8a0ss

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows x64

0a085cf81f56fdac5cf37fec4ef115b9

Code Sign

33:00:00:06:30:40:da:69:cf:31:09:00:eb:00:00:00:00:06:30
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/06/2022, 17:59

Not After

15/09/2023, 17:59

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:40:60:42:e2:02:c2:5b:b9:60:d0:bc:67:f5:7f:d4:8f:b6:8e:00:2b:92:48:f8:49:3c:39:3f:0b:d3:c8:5e
Signer

Actual PE Digest

59:40:60:42:e2:02:c2:5b:b9:60:d0:bc:67:f5:7f:d4:8f:b6:8e:00:2b:92:48:f8:49:3c:39:3f:0b:d3:c8:5e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

11/05/2023, 10:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
_Thrd_yield
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_set_error_mode

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp
wcscspn
memset
memmove_s
wcsncmp
wcscmp

api-ms-win-crt-private-l1-1-0

_o_exit
_o_floor
_o_floorf
_o_fmod
_o_free
_o_iswspace
_o_lround
_o_lroundf
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
memmove
_o_toupper
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o_abort
_o__purecall
_o__mktime64
_o__wtoi
_o_ceilf
_o_ceil
_o__ltow_s
_o__localtime64
_o__itow_s
_o__itoa_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcschr
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

CreateJobObjectW
OpenJobObjectW
SetInformationJobObject
QueryInformationJobObject
AssignProcessToJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

UrlUnescapeW
HashData
PathIsURLW

api-ms-win-core-windowserrorreporting-l1-1-1

WerUnregisterCustomMetadata
WerRegisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter
CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx

ntdll

ZwQuerySystemInformation
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlReAllocateHeap
RtlVerifyVersionInfo
ZwEnumerateValueKey
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
RtlInitString
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryInformationFile
RtlAppendUnicodeToString
RtlGetVersion
WinSqmAddToStream
NtQueryInformationProcess
NtSetInformationProcess
NtQueryWnfStateData
WinSqmIsOptedIn
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
RtlCaptureContext
NtClose
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
strchr
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
NtOpenProcessToken
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
NtQueryInformationToken
NtOpenThreadToken
wcsspn
RtlQueryResourcePolicy
RtlNtStatusToDosErrorNoTeb
NtSetThreadExecutionState
NtPowerInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleA
FindStringOrdinal
LoadResource
LockResource
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
FindResourceExW
SizeofResource
LoadStringW
GetProcAddress
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexW
ResetEvent
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateMutexExW
LeaveCriticalSection
DeleteCriticalSection
OpenMutexW
SleepEx
OpenEventW
ReleaseSemaphore
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
SetEvent
CreateEventW
InitializeCriticalSection
CreateEventExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
SetErrorMode
GetLastError

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
WriteFile
FindNextFileW
DeleteFileW
FindFirstFileW
GetLongPathNameW
FindClose

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventWrite
EventWriteTransfer
EventRegister
EventEnabled

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcess
TlsGetValue
GetCurrentThread
OpenProcessToken
SetThreadPriorityBoost
TlsAlloc
TlsSetValue
InitializeProcThreadAttributeList
GetExitCodeProcess
UpdateProcThreadAttribute
CreateProcessW
QueueUserAPC
GetCurrentThreadId
ProcessIdToSessionId
OpenThreadToken
TerminateProcess
DeleteProcThreadAttributeList
GetStartupInfoW
ExitProcess
SetProcessShutdownParameters
GetThreadPriority
OpenThread
GetCurrentProcessId
GetProcessId
ResumeThread
GetPriorityClass
SetPriorityClass
CreateThread
SetThreadPriority

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW
GetLocaleInfoEx
GetCalendarInfoW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VariantClear
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayDestroy
SysStringLen
VariantInit
SafeArrayAccessData

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoGetInterfaceAndReleaseStream
StringFromIID
StringFromGUID2
CreateStreamOnHGlobal
CoReleaseMarshalData
CoGetStdMarshalEx
CoGetCallContext
PropVariantClear
StringFromCLSID
CoInitializeSecurity
CoCreateInstance
CLSIDFromString
CoUninitialize
CoGetObjectContext
CoInitializeEx
CoSetProxyBlanket
CoGetMalloc
CoTaskMemAlloc
CoFreeUnusedLibraries
CoTaskMemRealloc
CoEnableCallCancellation
CoDisableCallCancellation
CoWaitForMultipleHandles
CoGetApartmentType
CoRegisterClassObject
CoRevokeClassObject
CoMarshalInterThreadInterfaceInStream
CoCancelCall
CoTaskMemFree
CoCreateFreeThreadedMarshaler
IIDFromString

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW
StrChrW
StrCmpNICW
StrToIntW
StrCmpICW
StrCmpIW
StrCmpICA
StrStrIW
QISearch
StrChrIW
StrCmpNIW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumValueW
RegGetValueW
RegLoadMUIStringW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegOpenCurrentUser
RegDeleteValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite
IUnknown_GetSite

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc
LocalReAlloc
GlobalFree

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetTickCount64
GetLocalTime
GetSystemDirectoryW
GetWindowsDirectoryW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SearchPathW
ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathFindFileNameW
PathCommonPrefixW
SHExpandEnvironmentStringsW
PathFileExistsW
PathGetDriveNumberW
PathParseIconLocationW
PathRemoveBlanksW
PathCombineW
PathRemoveFileSpecW
PathQuoteSpacesW
PathFindExtensionW
PathIsFileSpecW

api-ms-win-shcore-registry-l1-1-0

SHQueryInfoKeyW
SHDeleteKeyW
SHEnumKeyExW
SHRegGetValueW
SHSetValueW
SHGetValueW
SHDeleteValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThread
SHGetThreadRef
SetProcessReference
SHCreateThreadRef

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
CopySid
GetTokenInformation
GetAclInformation
GetSecurityDescriptorDacl
GetAce
DeleteAce
InitializeAcl
AddAce
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
EqualSid
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
MakeAbsoluteSD

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription
SetProcessInformation

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec
PathCchCombine
PathAllocCombine
PathCchAddExtension

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualAlloc
MapViewOfFile
VirtualProtect
VirtualFree
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

IStream_Write
SHCreateStreamOnFileW
IStream_Read
SHCreateMemStream
IStream_Reset
SHCreateStreamOnFileEx
SHOpenRegStream2W

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharNextW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

GetPwrCapabilities
CallNtPowerInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

AssocQueryStringW
ord165
ord197
StrRetToBufW
StrRetToStrW
SHPinDllOfCLSID
SHIsChildOrSelf
ord509
ord292
PathRemoveArgsW
SHCreateWorkerWindowW
ord481
ord635
IUnknown_GetWindow
ord478
ShellMessageBoxW
ord279
ord479
ord544

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayMonitors
SystemParametersInfoW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
EnumDisplayDevicesW
GetSystemMetrics

api-ms-win-ntuser-rectangle-l1-1-0

InflateRect
SetRectEmpty
EqualRect
IntersectRect
OffsetRect
SubtractRect
IsRectEmpty
CopyRect
UnionRect
SetRect
PtInRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
SetWinEventHook
UnhookWinEvent

api-ms-win-shell-namespace-l1-1-0

ILFree
ILGetSize
ILCloneFirst
SHParseDisplayName
ILRemoveLastID
SHGetNameFromIDList
ILFindLastID
SHGetIDListFromObject
SHBindToParent
ILCombine
SHBindToObject
SHBindToFolderIDListParent
SHCreateItemFromIDList
SHCreateItemFromParsingName
ILIsEqual
ILClone
ILIsParent

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerInfo
EnableMouseInPointer
GetCurrentInputMessageSource
GetPointerDevices
GetPointerType

api-ms-win-storage-exports-internal-l1-1-0

GetThreadFlags
SHGetKnownFolderIDList
SHGetFolderPathEx
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotification_Lock
SHChangeNotifyDeregister
SHChangeNotifyRegisterThread
SHChangeNotifyRegister
SHChangeNotification_Unlock
SHHandleUpdateImage

propsys

PropVariantToBoolean
PSPropertyBag_WriteStr
PSGetPropertyFromPropertyStorage
PropVariantToUInt32
PSPropertyBag_WriteDWORD
InitVariantFromResource
InitVariantFromGUIDAsString
PropVariantToStringAlloc
PSCreateMemoryPropertyStore

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

GetCurrentObject
SelectObject
DeleteDC
GetObjectW
SelectClipRgn
GetClipRgn
GetOutlineTextMetricsW
DeleteObject
CreateCompatibleDC
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt
CombineRgn
GetDeviceCaps
GetStockObject
CreateRectRgn
SetRectRgn
GetClipBox
CreateFontIndirectW
OffsetRgn
ExtTextOutW
GetTextMetricsW
SetTextAlign
SetTextColor

kernel32

IsBadWritePtr
VerSetConditionMask
RtlCompareMemory
HeapSize
GetModuleHandleExA
HeapReAlloc
HeapDestroy

wininet

InternetCrackUrlW

shcore

ord183
ord213
ord126
ord109
ord174
ord121
ord190
ord123
ord162
ord210
ord192
ord1
ord191
SHUnicodeToAnsi
ord187
ord141
ord142
ord200
ord184
ord186

shell32

ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord906
ord181
ord895
ShellExecuteW
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord866
SHEvaluateSystemCommandTemplate
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord733
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord134
ord22
ord850
ord95
ord885
ord723
ord680
ord172
ord764

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
AssocCreate
PathIsRelativeW

uxtheme

GetThemeBackgroundExtent
DrawThemeTextEx
GetThemeFont
ord86
IsThemePartDefined
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
GetThemeBool
IsAppThemed
DrawThemeBackground
BufferedPaintUnInit
GetWindowTheme
SetWindowTheme
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeMetric
GetThemeColor
IsCompositionActive

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
ord138
DwmEnableBlurBehindWindow
ord113
ord141
DwmRegisterThumbnail
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord114
ord139

user32

GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
RemoveMenu
GetSystemMetricsForDpi
DrawIconEx
DestroyIcon
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
IsIconic
GetKeyState
ExitWindowsEx
EndDialog
SendDlgItemMessageW
RegisterHotKey
UnregisterHotKey
AdjustWindowRectEx
GetDC
ReleaseDC
CreatePopupMenu
TrackMouseEvent
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
MonitorFromWindow
DefWindowProcA
IsWindowUnicode
CopyImage
SendInput
SetDesktopColorTransform
UnregisterClassA
LoadAcceleratorsW
SetMenuDefaultItem
TrackPopupMenuEx
DeleteMenu
FillRect
ChangeWindowMessageFilterEx
TranslateAcceleratorW
DrawTextW
LoadMenuW
GetSysColor
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
ord2611
MonitorFromPoint
ReplyMessage
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
SetLayeredWindowAttributes
GetIconInfoExW
GetIconInfo
SetCapture
GetMenuDefaultItem
GetClassWord
GetClassLongW
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
InsertMenuW
BringWindowToTop
ord2573
GhostWindowFromHungWindow
EndTask
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
MonitorFromRect
UpdateLayeredWindow
GetGuiResources
ord2521
UnregisterClassW
ord2522
WindowFromDC
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
IsHungAppWindow
ord2574
GetLastActivePopup
SwitchToThisWindow
ord2005
GetSubMenu

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerSetRequest
PowerCreateRequest

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-core-job-l1-1-0

IsProcessInJob

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtFreeMemory
BiPtQueryWorkItem
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

GetErrorInfo
SetErrorInfo

Exports

Exports

g_trayTriageBlock

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 648KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0a085cf81f56fdac5cf37fec4ef115b9

Code Sign

33:00:00:06:30:40:da:69:cf:31:09:00:eb:00:00:00:00:06:30Certificate

Extended Key Usages

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate

Key Usages

59:40:60:42:e2:02:c2:5b:b9:60:d0:bc:67:f5:7f:d4:8f:b6:8e:00:2b:92:48:f8:49:3c:39:3f:0b:d3:c8:5eSigner

Signature Validations

Verification

11/05/2023, 10:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-registry-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

33:00:00:06:30:40:da:69:cf:31:09:00:eb:00:00:00:00:06:30
Certificate

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

59:40:60:42:e2:02:c2:5b:b9:60:d0:bc:67:f5:7f:d4:8f:b6:8e:00:2b:92:48:f8:49:3c:39:3f:0b:d3:c8:5e
Signer

11/05/2023, 10:04
Valid: false