ThumbnailExtractionHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ThumbnailExtractionHost.exe
Size

29KB
MD5

c3bafba67139543b1e3f5fc9ba6945cf
SHA1

5dd0d661b62ddf7e22f73475514844bffa5fedfd
SHA256

5fc4b5b767527a620b60521f175c4b258b35a4c49e1a56773a8b23e3569fc380
SHA512

729043da6f532cf322d2cf1d21200341ad64fe433c9d2857f856a28bd9891f0419e8d02ea77ca61745bda470e0b2cc7440fdd27f6b69da84b01fd1a0550ce738
SSDEEP

768:ZKWjcLgweX6L84db4q2dSyb8zBs+LaOH3lTil:ZpwLgweXa84t4q2Myb8zK0H3l2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThumbnailExtractionHost.exe

Files

ThumbnailExtractionHost.exe
.exe windows x86

145260dbb8b817b2fc16c800b7273131

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventWrite
RegGetValueW

kernel32

InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
GetModuleFileNameW
CreateThread
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
WaitForThreadpoolTimerCallbacks
DuplicateHandle
CloseThreadpoolTimer
GetCommandLineW
RaiseException
CreateThreadpoolTimer
SetThreadpoolTimer
GetCurrentThread
DelayLoadFailureHook

user32

GetMessageW
CharUpperW
DispatchMessageW
TranslateMessage
PostThreadMessageW
CharNextW
UnregisterClassA

msvcrt

_lock
_unlock
_wcmdln
_initterm
__setusermatherr
__dllonexit
_onexit
__p__fmode
_cexit
_exit
?terminate@@YAXXZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
memset
_callnewh
malloc
wcsncpy_s
free
_purecall
wcscat_s
wcscpy_s
_controlfp
_except_handler4_common

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString

api-ms-win-core-shlwapi-obsolete-l1-2-0

QISearch

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-2

GetStartupInfoW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

145260dbb8b817b2fc16c800b7273131

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-thread-l1-1-0

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB