ThumbnailExtractionHost[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ThumbnailExtractionHost.exe
Size

28KB
MD5

3e2f28ee64e682be567004f4265bd988
SHA1

c9e03afc026e7dba1b9d2efd0e0a118ee65ff9ad
SHA256

37ed1945a2bc2f4c53b0231be12efd84ad6d4568dab2d0b4197bbbf847f0ec26
SHA512

b5cbe70fd37874c055757e16019a95ecbf3133ee4adec742877cdc1ff25fd4eeb4111e0bf8d10cbe878c703b4ac97b36bbacd614fa688a122b383c0e5a045e4e
SSDEEP

384:ID3OSLN9V42HU3yfc32kfj2tezP0+vkLe3oOrsmoqgf0yzSWccWc:ILOiQifc32kitezP0+NYgwV0yzo2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThumbnailExtractionHost.exe

Files

ThumbnailExtractionHost.exe
.exe windows x86

6eda3078fae8569e409222b3f0331dcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventWriteTransfer
RegGetValueW

kernel32

InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
CreateEventW
Sleep
GetCommandLineW
SetEvent
CloseHandle
RaiseException
CreateThread
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
GetLastError
LoadLibraryExA
DelayLoadFailureHook
FreeLibrary
WaitForThreadpoolTimerCallbacks
DuplicateHandle
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
GetCurrentThread

user32

TranslateMessage
PostThreadMessageW
DispatchMessageW
CharNextW
UnregisterClassA
GetMessageW
CharUpperW

msvcrt

_wcmdln
?terminate@@YAXXZ
__dllonexit
_controlfp
_except_handler4_common
_unlock
_initterm
__setusermatherr
__p__fmode
_onexit
_cexit
_exit
exit
_lock
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
_callnewh
malloc
wcsncpy_s
free
_purecall
wcscat_s
wcscpy_s
memset

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6eda3078fae8569e409222b3f0331dcf

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-thread-l1-1-0

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB