SearchProtocolHost[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

SearchProtocolHost.exe.7z
Size

73KB
MD5

d9d0d68c7964809fa029a62c2f7d3fc4
SHA1

a521b373599831f6e0fe8d4df6a1b4118c7fe549
SHA256

7e868635b40bccae561a85f5f5fabb99a9549abb482d17c77047410ccd8e2dd3
SHA512

15f407ec5e9f2d225a7e55a7ef24e250429e4440dc1794f82e1a5ef4b1030111d838cd577943e939cbbfe46d94a27cb822b10eafc38bc01686228e8884f351f3
SSDEEP

1536:l9RKB6V7nLzTNpZZrpoQBYpn3a0OzdGYAUI/yy005T:EB6NnLzpjFpkpnDOzW/90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SearchProtocolHost.exe

Files

SearchProtocolHost.exe.7z
.7z

Password: infected
SearchProtocolHost.exe
.exe windows x86

Password: infected

16b81b80f65bf81003a67234b735409f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
EventRegister
EventUnregister
EventWrite
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
MakeSelfRelativeSD
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
GetSidSubAuthority
SetSecurityDescriptorSacl
MakeAbsoluteSD
InitializeSid
GetSidLengthRequired
DeleteAce
EqualPrefixSid
LookupAccountSidW
CreateWellKnownSid
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

GetModuleHandleW
SetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
GlobalFree
GlobalAlloc
WaitForMultipleObjects
GetTickCount
CreateThread
LoadLibraryW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
ResetEvent
LocalFree
GetHandleInformation
OpenEventW
GetCurrentProcessId
SetErrorMode
HeapSetInformation
lstrlenA
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventW
GetProcAddress
FreeLibrary
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
GetSystemDefaultLCID
CompareStringW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
FindResourceExW
WaitForSingleObjectEx
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
FormatMessageA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LCMapStringW
SetPriorityClass
IsValidCodePage
OpenFileMappingW
OpenSemaphoreW
CreateFileMappingW
VerSetConditionMask
VerifyVersionInfoW
ReleaseSemaphore
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
ExpandEnvironmentStringsW
CreateFileW
DuplicateHandle
GetFileSize
GetFileTime
UnlockFile
LockFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
DeleteFileW
FormatMessageW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
ReleaseMutex
GetCurrentThread
GetVersionExA

msvcrt

_vsnwprintf
bsearch
fprintf
_iob
_controlfp
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
strncmp
strerror
_itow_s
_set_error_mode
_wcsicmp
_wtoi
_itow
wcsncpy_s
memcpy_s
memcpy
memset
__CxxFrameHandler3
wcschr
_purecall
_wcsnicmp
wcsncmp
_CxxThrowException
malloc
free
iswspace
_wtol
_ultow
_vsnprintf

user32

LoadStringW
UnregisterClassA
GetLastInputInfo
MsgWaitForMultipleObjects
CharNextW
PeekMessageW
DispatchMessageW

ole32

CLSIDFromProgID
CoInitializeSecurity
CoDisconnectObject
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
CreateStreamOnHGlobal
CoUnmarshalInterface
CoTaskMemFree
PropVariantClear
CoUninitialize
CoInitializeEx
PropVariantCopy

oleaut32

SysStringLen
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
GetErrorInfo
SysFreeString

tquery

?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z
?ciDelete@@YGXPAX@Z

msshooks

LoadMSSearchHooks

imm32

ImmDisableIME

shlwapi

SHRegGetValueW

ntdll

WinSqmIncrementDWORD

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

16b81b80f65bf81003a67234b735409f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

tquery

msshooks

imm32

shlwapi

ntdll

Sections

.text Size: 147KB - Virtual size: 147KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 36KB

.text
Size: 147KB - Virtual size: 147KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 36KB