SearchIndexer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SearchIndexer.exe
Size

755KB
MD5

e27c1f78981297d6ca2cec040158e469
SHA1

8265d4631ecc8904b8f6633118f00f07e098078e
SHA256

a6577f77dd26a5faad43e01ac4d53472fcc053f32014177b74334a2b96d4b908
SHA512

0d6705e08d3932b78a25a72e9263a66a3cf427b3c2cc1b67c716c40fe7901b0ee2aadecce8ad8ff1ecfa820922b8bf7397c390a10f979548073bbad61cb5333b
SSDEEP

12288:OJGj11F3Cx+pwM3o7Bq1+l74lH4+yc4WhF2TWBKqzzZKJVQwaQztfDC:VjjF3Cx+pwM47BMu74h4+yc4WhFqeKog

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchIndexer.exe

Files

SearchIndexer.exe
.exe windows x86

55e0b4cc6152f0391ae314d1f3757d43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcschr
iswxdigit
memmove
towupper
_wtol
memcpy_s
swscanf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_free_locale
_get_current_locale
strncmp
__crtLCMapStringW
__crtCompareStringW
_wcsdup
bsearch
_vscwprintf
??0exception@@QAE@ABV0@@Z
_set_errno
abort
memcmp
_vsnprintf_s
__pctype_func
___lc_codepage_func
iswspace
___lc_handle_func
free
___mb_cur_max_func
_get_errno
wcspbrk
qsort
___lc_collate_cp_func
setlocale
??0bad_cast@@QAE@PBD@Z
_wcslwr_s
_except_handler4_common
_controlfp
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
??1bad_cast@@UAE@XZ
_unlock
_lock
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
??0bad_cast@@QAE@ABV0@@Z
strchr
_XcptFilter
memcpy
__CxxFrameHandler3
_CxxThrowException
vswprintf_s
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
calloc
memset
wcsncpy_s
memmove_s
wcsncmp
_wcsnicmp
wcsstr
_wcsicmp
wcstol
malloc
_vsnwprintf

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GetModuleHandleA
LoadLibraryExW
LoadStringW
FreeLibraryAndExitThread
GetModuleFileNameA
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleExW
LockResource

api-ms-win-core-file-l1-2-1

FindClose
GetFileAttributesW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
FindFirstFileExW
GetFileTime
CreateFileW
DeleteFileW
FindNextFileW
CompareFileTime
GetLogicalDrives
GetFileAttributesExW
FindFirstFileW
CreateDirectoryW
FindFirstVolumeW
GetDriveTypeW
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TlsSetValue
CreateThread
GetCurrentProcessId
TlsFree
OpenProcessToken
TerminateProcess
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
OpenProcess
TlsAlloc
SetPriorityClass

api-ms-win-core-synch-l1-2-0

CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
Sleep
InitOnceComplete
ReleaseSRWLockExclusive
InitOnceInitialize
InitOnceExecuteOnce
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
OpenEventW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
InitOnceBeginInitialize
OpenSemaphoreW
DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
CreateEventW
CreateMutexW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapDestroy
HeapAlloc
HeapSetInformation
HeapSize
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
SetLastError
SetErrorMode
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

CoImpersonateClient
CoRevertToSelf
CoRegisterClassObject
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoRevokeClassObject
CoInitializeSecurity
PropVariantClear
CoMarshalInterface
RoGetAgileReference
IIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoGetMalloc
CoWaitForMultipleHandles
CoGetApartmentType
CoTaskMemFree

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHGetThreadRef
SHCreateThreadRef

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
RegGetKeySecurity

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback

ntdll

RtlNtStatusToDosError
NtOpenFile
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlInitUnicodeString

api-ms-win-core-localization-l1-2-1

GetSystemDefaultLCID
GetLocaleInfoW
LCMapStringW
GetNLSVersionEx
LocaleNameToLCID
GetSystemPreferredUILanguages
FormatMessageW
ResolveLocaleName

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindNextComponentW
PathCanonicalizeW
PathSkipRootW
PathIsUNCServerShareW
PathStripToRootW
PathIsRootW
PathAppendW
PathIsUNCW
PathRemoveBackslashW
PathIsUNCServerW
PathAddBackslashW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringByteLen
VarBstrCat
VarUI4FromStr
SysFreeString
SysAllocString
SysAllocStringByteLen
LoadRegTypeLi

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-sysinfo-l1-2-1

GetVersionExA
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetVersionExW
GetTickCount

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-2-0

SetEnvironmentVariableW
GetCommandLineW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SearchPathW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventEnabled
EventWrite

api-ms-win-shcore-registry-l1-1-1

SHSetValueW
SHGetValueW
SHCopyKeyW
SHDeleteKeyW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-kernel32-legacy-l1-1-1

MoveFileW
GetStartupInfoA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

tquery

ciNew
ciNewNoThrow
ciDelete

shcore

ord1
SHRegGetValueW
SHStrDupW

mssrch

??0CSearchServiceObj@@QAE@XZ
??1CSearchServiceObj@@QAE@XZ
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
?Cleanup@CSearchServiceObj@@SGXXZ

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrCmpNICW

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-core-l1-1-1

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
EnumDependentServicesW

api-ms-win-service-winsvc-l1-2-0

ControlService
QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55e0b4cc6152f0391ae314d1f3757d43

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ntdll

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-registry-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

tquery

shcore

mssrch

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-file-l2-1-2

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-util-l1-1-0

Sections

.text Size: 516KB - Virtual size: 515KB

.data Size: 3KB - Virtual size: 9KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 372B

.rsrc Size: 191KB - Virtual size: 190KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 516KB - Virtual size: 515KB

.data
Size: 3KB - Virtual size: 9KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 372B

.rsrc
Size: 191KB - Virtual size: 190KB

.reloc
Size: 32KB - Virtual size: 31KB