CredentialUIBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CredentialUIBroker.exe
Size

107KB
MD5

0755d1d90e195d3382eea880d67f62ba
SHA1

aedf016a97fb3bed51c8368575d462a8672c6a47
SHA256

b47ae441fbb2c3307ee6b8f7807d9de244d5127eff68474adcfe3c0adf8d335d
SHA512

5996aa9d4d4c67c0b5f1260d4091d1254a384582f4339272ae0889e77ada0bab0a042a6df3a2ba4a3fcf0cd8aae8179ab3cf41f3e9d1ae8038b94b54ad0dc417
SSDEEP

3072:fK+qPcjDKaSwSKWADSbsqJIq7qLTAwtCL:f9qkvvSKWAD9qJIqQc

Score

1^/10

Malware Config

Signatures

Files

CredentialUIBroker.exe
.exe windows x86

9e5a992f00d199694c78175ef1ef7757

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:72:c6:30:0c:f8:03:d4:20:23:03:3c:ba:ae:8d:88:98:03:57:65:0c:ed:95:fb:74:dc:8c:e8:c4:73:80:f8
Signer

Actual PE Digest

5f:72:c6:30:0c:f8:03:d4:20:23:03:3c:ba:ae:8d:88:98:03:57:65:0c:ed:95:fb:74:dc:8c:e8:c4:73:80:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventActivityIdControl
GetTokenInformation
EventUnregister
RegGetValueW
RegOpenKeyExW
CheckTokenMembership
OpenProcessToken
RegEnumKeyExW
EventSetInformation
AllocateAndInitializeSid
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey

kernel32

GetModuleFileNameA
FindStringOrdinal
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
RegisterWaitForSingleObject
GetModuleHandleExW
UnregisterWait
GetProcessId
EncodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
OpenEventW
ReleaseMutex
OpenProcess
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
CreateThread
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GlobalGetAtomNameW
DelayLoadFailureHook
ResolveDelayLoadedAPI

user32

PostQuitMessage
PostThreadMessageW
ord2521
GetPropW
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
GetMessageW
GetWindowBand

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
memcpy
memcmp
_callnewh
malloc
wcschr
_vsnwprintf
memcpy_s
_purecall
memmove_s
free
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
memset

shlwapi

SHSetThreadRef

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoReleaseServerProcess
CoInitializeEx
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoGetMalloc
CoAddRefServerProcess
CoResumeClassObjects

oleaut32

SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayGetDim

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoRegisterActivationFactories
RoUninitialize
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsParentOfChildAppContainer

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e5a992f00d199694c78175ef1ef7757

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

5f:72:c6:30:0c:f8:03:d4:20:23:03:3c:ba:ae:8d:88:98:03:57:65:0c:ed:95:fb:74:dc:8c:e8:c4:73:80:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

ntdll

Sections

.text Size: 83KB - Virtual size: 82KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

5f:72:c6:30:0c:f8:03:d4:20:23:03:3c:ba:ae:8d:88:98:03:57:65:0c:ed:95:fb:74:dc:8c:e8:c4:73:80:f8
Signer

.text
Size: 83KB - Virtual size: 82KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB