explorer[.]exe[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe.7z
Size

1.8MB
MD5

c1603777bb105f0f8ca02c8ebf8d7fd6
SHA1

6363f0dca2f2a23b1c017d07f3015b413358514c
SHA256

ea321c4e5c46e9b2f4726f269c521c90a83b5984f55465384a813ca90bc26c37
SHA512

9961e29d5b56db439196c996c3590ec9f9bb87fd850ca4a5e2786647e703742d367cbb865d707b9f2c543f9af96ba7881f37908ffbaadc4c6ed461cf31c54358
SSDEEP

49152:m7/YiL0DKxJVpHiWV4RZBihdpfH8mbI4YfSP2JtX2:kYdWxJVRuDC8mb7YfSwt

Score

1^/10

Malware Config

Signatures

Files

explorer.exe.7z
.7z

Password: infected
explorer.exe
.exe windows x64

Password: infected

3d33dfdf6f4ba43e5543ce7637b766df

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:08:aa:49:68:a6:94:65:4e:0e:7d:03:99:b8:76:92:aa:9a:e1:9a:a1:a1:01:d3:b9:95:9b:0e:0f:69:75:72
Signer

Actual PE Digest

32:08:aa:49:68:a6:94:65:4e:0e:7d:03:99:b8:76:92:aa:9a:e1:9a:a1:a1:01:d3:b9:95:9b:0e:0f:69:75:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Xtime_get_ticks
_Mtx_unlock
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_set_error_mode
_c_exit

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
memset
strncmp
wcscspn

api-ms-win-crt-private-l1-1-0

_o_iswalnum
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_roundf
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__CxxFrameHandler3
_o__wtoi
memmove
_o__set_new_mode
_o__set_fmode
_o_free
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime64
_o_floor
_o_exit
_o_ceil
_o__wcsnicmp
_o_bsearch
_o__wcsicmp
_o__localtime64
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

UrlUnescapeW
HashData
PathIsURLW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW

ntdll

RtlGetVersion
RtlInitString
ZwQuerySystemInformation
RtlInitUnicodeString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
wcsspn
RtlQueryResourcePolicy
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
wcschr
wcsrchr
strchr
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPublishWnfStateData
ZwQueryValueKey
NtSetSystemInformation
RtlFlushHeaps
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
ZwOpenKey
RtlNtStatusToDosError
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
ZwClose
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlIsStateSeparationEnabled
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
NtSetThreadExecutionState
VerSetConditionMask
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
FindResourceExW
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW
LoadStringW
FindStringOrdinal
LockResource
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
WaitForMultipleObjectsEx
OpenMutexW
InitializeCriticalSection
SetEvent
CreateEventW
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
SleepEx
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
OpenEventW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent
TryAcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
CreateMutexW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
WriteFile
DeleteFileW
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventWrite
EventActivityIdControl
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

QueueUserAPC
SetProcessShutdownParameters
ResumeThread
ExitProcess
GetStartupInfoW
SetThreadPriorityBoost
GetPriorityClass
ProcessIdToSessionId
TerminateProcess
GetExitCodeProcess
SetThreadPriority
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
CreateThread
GetThreadPriority
GetCurrentProcessId
GetProcessId
OpenThread
GetCurrentThreadId
CreateProcessW
SetPriorityClass

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetThreadUILanguage
GetUserDefaultLangID
GetLocaleInfoW
FormatMessageW
GetUserDefaultLocaleName
GetCalendarInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VarUI4FromStr
VariantInit
SafeArrayAccessData
SafeArrayCreate
SysAllocString
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysStringLen
SysAllocStringByteLen
SysFreeString

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

IsOS
SetCurrentProcessExplicitAppUserModelID

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoCancelCall
CoReleaseMarshalData
CoRevokeClassObject
CoDisableCallCancellation
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemRealloc
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoInitializeEx
CoEnableCallCancellation
CoCreateInstance
CoGetStdMarshalEx
StringFromIID
IIDFromString
CreateStreamOnHGlobal
CoGetObjectContext
CLSIDFromString
CoInitializeSecurity
CoRegisterClassObject
CoWaitForMultipleHandles
CoGetApartmentType
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoFreeUnusedLibraries
PropVariantClear
CoGetCallContext

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrRChrW
StrStrIW
StrCmpICW
StrToIntW
StrCmpW
StrChrIW
QISearch
StrCmpIW
StrCmpNIW
StrChrW
StrCmpICA

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite
IUnknown_SetSite
IUnknown_Set
IUnknown_QueryService

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc
GlobalAlloc
GlobalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GetTickCount64
GetLogicalProcessorInformation
GetWindowsDirectoryW

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathQuoteSpacesW
PathCombineW
PathRemoveBlanksW
PathParseIconLocationW
PathFindFileNameW
SHExpandEnvironmentStringsW
PathGetArgsW
PathFileExistsW
PathFindExtensionW
PathRemoveFileSpecW
PathGetDriveNumberW
PathCommonPrefixW
PathIsFileSpecW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsPreallocateStringBuffer
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW
SHEnumKeyExW
SHQueryInfoKeyW
SHGetValueW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-shcore-thread-l1-1-0

SetProcessReference
SHCreateThread
SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
GetLengthSid
CheckTokenMembership
IsValidSid
EqualSid
CopySid
GetAclInformation
MakeAbsoluteSD
GetAce
DeleteAce
InitializeAcl
AddAce
SetKernelObjectSecurity
DuplicateToken

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoFailFastWithErrorContext

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine
PathCchRemoveFileSpec
PathCchAddExtension
PathCchAppend

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-memory-l1-1-0

VirtualAlloc
MapViewOfFile
OpenFileMappingW
VirtualProtect
VirtualFree
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream
SHCreateStreamOnFileW
IStream_Reset
SHOpenRegStream2W
IStream_Write
IStream_Read
SHCreateStreamOnFileEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetOsSafeBootMode

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharNextW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

iphlpapi

GetNetworkConnectivityHint

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx
GetPwrCapabilities
CallNtPowerInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord481
ord279
ShellMessageBoxW
IUnknown_GetWindow
ord165
SHPinDllOfCLSID
ord509
ord478
ord635
ord292
PathRemoveArgsW
AssocQueryStringW
StrRetToStrW
ord544
ord197
ord479
SHCreateWorkerWindowW
StrRetToBufW
SHIsChildOrSelf

api-ms-win-ntuser-sysparams-l1-1-0

GetDisplayConfigBufferSizes
SystemParametersInfoW
QueryDisplayConfig
EnumDisplayMonitors
GetSystemMetrics
GetMonitorInfoW
EnumDisplayDevicesW

api-ms-win-ntuser-rectangle-l1-1-0

SetRect
SubtractRect
UnionRect
InflateRect
CopyRect
SetRectEmpty
EqualRect
PtInRect
IsRectEmpty
OffsetRect
IntersectRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
SetWinEventHook
UnhookWinEvent

api-ms-win-shell-namespace-l1-1-0

ILClone
SHBindToParent
SHBindToFolderIDListParent
ILFree
SHCreateItemFromParsingName
SHGetIDListFromObject
ILFindLastID
SHCreateItemFromIDList
SHParseDisplayName
ILCombine
SHBindToObject
ILCloneFirst
SHGetNameFromIDList
ILGetSize
ILIsEqual
ILIsParent
ILRemoveLastID

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
GetPointerDevices
GetPointerInfo
EnableMouseInPointer
GetCurrentInputMessageSource

api-ms-win-storage-exports-internal-l1-1-0

SHGetFolderPathEx
GetThreadFlags
SetThreadFlags
SHGetKnownFolderIDList

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

propsys

InitVariantFromResource
InitVariantFromGUIDAsString
PropVariantToStringAlloc
PSPropertyBag_WriteDWORD
PropVariantToUInt32
PSPropertyBag_WriteStr
PSGetPropertyFromPropertyStorage
PSCreateMemoryPropertyStore
PropVariantToBoolean

coremessaging

CreateDispatcherQueueController

urlmon

URLOpenBlockingStreamW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

gdi32

GetTextExtentPoint32W
GetStockObject
GetTextMetricsW
SetTextAlign
SetTextColor
CreateFontIndirectW
GetClipBox
SelectObject
CreateCompatibleDC
DeleteDC
GetGlyphOutlineW
GetObjectW
DeleteObject
GetOutlineTextMetricsW
CombineRgn
OffsetRgn
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt
GetClipRgn
SetRectRgn
CreateRectRgn
GetDeviceCaps
CreateRectRgnIndirect
SelectClipRgn
ExtTextOutW
GetCurrentObject

kernel32

IsBadWritePtr

rpcrt4

RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
UuidFromStringW
RpcBindingFree
NdrClientCall3
RpcBindingFromStringBindingW

wininet

InternetCrackUrlW

shcore

ord190
ord121
ord162
ord174
ord109
ord1
ord210
ord126
ord213
ord183
ord142
ord192
ord123
ord187
SHUnicodeToAnsi
ord200
ord184
ord186

shell32

ord680
ord723
ord885
ord95
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord193
ord906
ord895
ShellExecuteW
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
ord4
SHGetPathFromIDListW
ord645
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord172
ord134
ord22
ord850
SHFileOperationW

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

DrawThemeTextEx
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
BeginBufferedPaint
ord86
IsCompositionActive
GetThemeBackgroundExtent
IsAppThemed
GetThemeFont
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
EndBufferedPaint
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
BufferedPaintUnInit
GetWindowTheme
GetThemeColor
GetThemeMetric
SetWindowTheme
DrawThemeBackground

dwmapi

ord114
ord138
ord141
DwmRegisterThumbnail
DwmGetWindowAttribute
ord139
DwmSetWindowAttribute
ord113
ord159
DwmEnableBlurBehindWindow
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord140
DwmIsCompositionEnabled

user32

IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
UpdateLayeredWindow
ord2521
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetSystemMenu
ModifyMenuW
GetAsyncKeyState
ReplyMessage
MonitorFromPoint
GetMenuItemInfoW
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
IsIconic
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
SwitchToThisWindow
GetLastActivePopup
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ord2573
GetKeyState
LoadIconW
HungWindowFromGhostWindow
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
UnregisterClassW
ord2522
GetMenuInfo
MapVirtualKeyExW
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
InjectKeyboardInput
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
BringWindowToTop
GetSystemMetricsForDpi
ord2005
TrackMouseEvent
SetCapture
GetCapture
GetIconInfo
GetClassWord
GetClassLongW
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
AdjustWindowRect
GetDpiForWindow
EndTask
InsertMenuW
SetWindowCompositionAttribute
SetGestureConfig
UnregisterClassA
PostThreadMessageW
LoadImageW
CheckMenuItem
EnableMenuItem
ExitWindowsEx
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
DeleteMenu
FillRect
DrawTextW
LoadMenuW
GetSubMenu
CreateIconIndirect
GetMenuItemCount

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
VerifyVersionInfoW

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
StopTraceW

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtFreeMemory
BiPtQueryWorkItem
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName

api-ms-win-crt-math-l1-1-0

floorf
ceilf

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3d33dfdf6f4ba43e5543ce7637b766df

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

32:08:aa:49:68:a6:94:65:4e:0e:7d:03:99:b8:76:92:aa:9a:e1:9a:a1:a1:01:d3:b9:95:9b:0e:0f:69:75:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

32:08:aa:49:68:a6:94:65:4e:0e:7d:03:99:b8:76:92:aa:9a:e1:9a:a1:a1:01:d3:b9:95:9b:0e:0f:69:75:72
Signer