PickerHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PickerHost.exe
Size

44KB
MD5

38889faf0d25386a7b3173e027f49a28
SHA1

36d09bd375c97fbfa2e4596387aa01e0e4b688f2
SHA256

06ff431403210fde7ea6afd689a2d40945c02ee60ab3a9b6e7337d5aa93b2aaf
SHA512

7fb1469bc31229c3aa5c0e49897f9c10e8ba2caa1488a9e52175491f0875dc7c0d07862a73762c141aa229b67cde47d692f3dc66b00e5b6e0748f72fd19f4cbb
SSDEEP

768:dlFQlHffsbUNiYOEe7DPAeW+gLB+Ox6qj3ydcCIfXXj1P8g:lQJffs0iYOE1eW3LB96q7ydbAnpP8g

Score

1^/10

Malware Config

Signatures

Files

PickerHost.exe
.exe windows x86

8c1859752864dd256b2f6305f384c169

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:30:95:5d:0b:f1:4e:3d:5f:33:cc:0a:0e:2e:0b:0b:ef:7b:dc:dc:17:e1:a1:62:5f:d7:16:df:bf:f3:e9:48
Signer

Actual PE Digest

2b:30:95:5d:0b:f1:4e:3d:5f:33:cc:0a:0e:2e:0b:0b:ef:7b:dc:dc:17:e1:a1:62:5f:d7:16:df:bf:f3:e9:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_XcptFilter
exit
??3@YAXPAX@Z
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
__CxxFrameHandler3
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_except_handler4_common
_controlfp
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_purecall
_onexit
malloc
_callnewh
memmove
??1type_info@@UAE@XZ

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoAddRefServerProcess
CoGetCallContext
CoReleaseServerProcess
CoRevokeClassObject
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoUninitialize
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoOriginateErrorW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoGetActivationFactory

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetProcessId
GetCurrentProcessId
GetStartupInfoW

api-ms-win-core-synch-l1-2-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-rtcore-ntuser-window-l1-1-0

DispatchMessageW
GetMessageW
PostThreadMessageW
TranslateMessage

shlwapi

SHSetThreadRef

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c1859752864dd256b2f6305f384c169

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2b:30:95:5d:0b:f1:4e:3d:5f:33:cc:0a:0e:2e:0b:0b:ef:7b:dc:dc:17:e1:a1:62:5f:d7:16:df:bf:f3:e9:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

shlwapi

Sections

.text Size: 26KB - Virtual size: 25KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2b:30:95:5d:0b:f1:4e:3d:5f:33:cc:0a:0e:2e:0b:0b:ef:7b:dc:dc:17:e1:a1:62:5f:d7:16:df:bf:f3:e9:48
Signer

.text
Size: 26KB - Virtual size: 25KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB