ThumbnailExtractionHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ThumbnailExtractionHost.exe
Size

29KB
MD5

3f9a02488056e04c065062f35474ec22
SHA1

b03b43139893c5fe29d3ce479025675df7f6ec4d
SHA256

0fdde9c435a27912ea8144dbde97f62eebfb3943efbc3f430d89a26fd3ca7ca4
SHA512

30f2e046dddd82c3281d1e2a74a90c4687c04ff5eb3d9829ad7d5fa8a357b6baa04426aa79e0d2b9de9970d8cfffa28d65d08cf33e92d6f017d67a18c3d462d8
SSDEEP

768:YPKcesZmx2xQL84db4q2dSzLM11TLaOHWKo:YPasZmk+84t4q2MzLMnBHWKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ThumbnailExtractionHost.exe

Files

ThumbnailExtractionHost.exe
.exe windows x86

145260dbb8b817b2fc16c800b7273131

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventWrite
RegGetValueW

kernel32

InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
GetModuleFileNameW
CreateThread
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
WaitForThreadpoolTimerCallbacks
DuplicateHandle
CloseThreadpoolTimer
GetCommandLineW
RaiseException
CreateThreadpoolTimer
SetThreadpoolTimer
GetCurrentThread
DelayLoadFailureHook

user32

GetMessageW
CharUpperW
DispatchMessageW
TranslateMessage
PostThreadMessageW
CharNextW
UnregisterClassA

msvcrt

_lock
_unlock
_wcmdln
_initterm
__setusermatherr
__dllonexit
_onexit
__p__fmode
_cexit
_exit
?terminate@@YAXXZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
memset
_callnewh
malloc
wcsncpy_s
free
_purecall
wcscat_s
wcscpy_s
_controlfp
_except_handler4_common

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString

api-ms-win-core-shlwapi-obsolete-l1-2-0

QISearch

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-2

GetStartupInfoW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

145260dbb8b817b2fc16c800b7273131

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-thread-l1-1-0

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB