SearchProtocolHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SearchProtocolHost.exe
Size

341KB
MD5

eddf12939fef7ae88c2c2da5b12e90b2
SHA1

630733963916b3e97f400f9b47f91e24279591e5
SHA256

25e66d30d30cc0c1887043429da5805deb8b5f064217670d35dcf058d7a7a709
SHA512

06c88e29dd92002a77e24a830df90a349dd68b231de5db00d76f304885683503ae3d7e991593dc47287890fe86e379a596918f8f6033713f2718ff020b35c9aa
SSDEEP

6144:DtgW5k1lFB6VWxZ5Djary3vimDRfiiYmhX5MxugXZHD2QrkR10efUK3Kb:DGW5k1lFB6kxZlMyX04h0uk2QQztf9Kb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchProtocolHost.exe

Files

SearchProtocolHost.exe
.exe windows x86

e36c335ad6a4b0a6e8c0779d5e84eb6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itow
??1type_info@@UAE@XZ
wcsncpy_s
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
malloc
memmove
_XcptFilter
__iob_func
wcschr
_vsnprintf_s
_onexit
wcsncmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__dllonexit
_purecall
iswspace
_controlfp
_wtol
_itow_s
strerror
_vsnprintf
fprintf
strncmp
bsearch
toupper
_unlock
_set_error_mode
__p__commode
memmove_s
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_wcsnicmp
_cexit
__p__fmode
__setusermatherr
_initterm
_except_handler4_common
memcmp
realloc
_wtoi
_errno
_wcsicmp
memcpy_s
_vsnwprintf
free
memset

tquery

ciDelete
ciNew
ciNewNoThrow

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventRegister
EventEnabled
EventProviderEnabled
EventUnregister

api-ms-win-security-base-l1-1-0

InitializeSid
DeleteAce
GetSidLengthRequired
GetSidSubAuthority
CopySid
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
AddAccessAllowedAce
EqualPrefixSid
GetAclInformation
IsValidSid
MakeAbsoluteSD
CreateWellKnownSid
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
InitializeAcl
AddAce
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetTokenInformation
ImpersonateLoggedOnUser
GetLengthSid
AdjustTokenPrivileges

oleaut32

SysFreeString
VarUI4FromStr
CreateErrorInfo
SysStringLen
SetErrorInfo
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
LoadStringW
LoadResource
FreeLibrary
SizeofResource
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW
LookupAccountNameW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceComplete
Sleep

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW
RegEnumValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
CompareStringW

api-ms-win-core-com-l1-1-0

CLSIDFromProgID
CoUninitialize
PropVariantCopy
CoCreateInstance
PropVariantClear
CLSIDFromString
CoDisconnectObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoInitializeSecurity
CreateStreamOnHGlobal
CoUnmarshalInterface

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW
IsValidCodePage
ResolveLocaleName
GetLocaleInfoW
GetSystemDefaultLCID
LocaleNameToLCID

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
OpenEventW
WaitForSingleObject
SetWaitableTimerEx
ReleaseMutex
ReleaseSRWLockExclusive
EnterCriticalSection
CreateEventExW
InitializeCriticalSection
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventW
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
SetEvent
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetProcessTimes
SetPriorityClass
GetCurrentThread
GetCurrentThreadId
CreateThread
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
FlushViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW

api-ms-win-shell-namespace-l1-1-0

ILFree
SHCreateItemFromIDList
SHParseDisplayName

ntdll

VerSetConditionMask
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
RtlQueryPackageClaims

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
SetProcessMitigationPolicy

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetVersionExA
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

SetEndOfFile
SetFilePointer
LockFile
UnlockFile
GetFileSize
GetFileTime
FlushFileBuffers
CreateFileA
DeleteFileA
WriteFile
ReadFile
CreateFileW
DeleteFileW

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileA

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shcore

ord107

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e36c335ad6a4b0a6e8c0779d5e84eb6e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

tquery

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-shell-namespace-l1-1-0

ntdll

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-apiquery-l1-1-0

shcore

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 227KB - Virtual size: 226KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 227KB - Virtual size: 226KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 15KB - Virtual size: 14KB