OpenWith[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

OpenWith.exe
Size

89KB
MD5

1dfe1ed0a9ef0fa4ffe8d08dfb00f121
SHA1

730d5a899c44d197b91753f2606f3bacca9d6b89
SHA256

77378c8d09e7841cfcc31d42ecc2ac828898e2958240d2d0966d82c9229f641f
SHA512

9b079d68b3f3c55547c6f1e126a24f355dc6cc735517aff281d3cae129ff736bada5adadd66d9ccedf6757ea341a07437b08e26e4f35e6377b538049cc510e5e
SSDEEP

1536:T3DBzpaYdYXvcOyzjXfKQTzBNer+CE+Ge+gGWzP7E:bqX1yXvrer+CE+GNmQ

Score

1^/10

Malware Config

Signatures

Files

OpenWith.exe
.exe windows x86

6f8de4d28527d79db86fdea3ecce856b

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:4f:cf:ce:e1:21:55:fd:8f:b2:c7:20:32:3c:b4:64:0c:ad:8b:2d:78:6c:c4:1d:52:cc:38:ca:44:ab:f4:d4
Signer

Actual PE Digest

48:4f:cf:ce:e1:21:55:fd:8f:b2:c7:20:32:3c:b4:64:0c:ad:8b:2d:78:6c:c4:1d:52:cc:38:ca:44:ab:f4:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CompareStringOrdinal
LockResource
LoadResource
FindResourceExW
RaiseException
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentThreadId
DuplicateHandle
LocalAlloc
CloseHandle
WaitForMultipleObjectsEx
SetEvent
EnterCriticalSection
CreateEventW
TryEnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalFree
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ord2521
SendMessageW
DefWindowProcW
LoadCursorW
CreateWindowInBand
SetForegroundWindow
SetCursor
PeekMessageW
MsgWaitForMultipleObjectsEx
GetMenuDefaultItem
CreatePopupMenu
SetTimer
PostQuitMessage
KillTimer
DestroyMenu

msvcrt

_amsg_exit
_vsnwprintf
__p__commode
_XcptFilter
_purecall
??3@YAXPAX@Z
memset
__wgetmainargs
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
??2@YAPAXI@Z
__CxxFrameHandler3
?terminate@@YAXXZ
_controlfp
_except_handler4_common
__set_app_type

ntdll

WinSqmAddToStreamEx

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

comctl32

ord236

shell32

ord764
ord926
SHAssocEnumHandlers

shlwapi

SHSetThreadRef
SHCreateThreadRef
ord219
ord199
ord176
ord174
UrlGetPartW
ord237
ord172
PathFindExtensionW
PathIsURLW

shcore

IUnknown_GetSite
SetProcessReference
SHCreateThread
SHStrDupA

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f8de4d28527d79db86fdea3ecce856b

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

48:4f:cf:ce:e1:21:55:fd:8f:b2:c7:20:32:3c:b4:64:0c:ad:8b:2d:78:6c:c4:1d:52:cc:38:ca:44:ab:f4:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ntdll

api-ms-win-core-winrt-string-l1-1-0

comctl32

shell32

shlwapi

shcore

api-ms-win-core-winrt-l1-1-0

Sections

.text Size: 28KB - Virtual size: 28KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

48:4f:cf:ce:e1:21:55:fd:8f:b2:c7:20:32:3c:b4:64:0c:ad:8b:2d:78:6c:c4:1d:52:cc:38:ca:44:ab:f4:d4
Signer

.text
Size: 28KB - Virtual size: 28KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 2KB - Virtual size: 2KB