PickerHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PickerHost.exe
Size

25KB
MD5

dbd32dd8dfa7cc5dd6fcafb8c89bdd88
SHA1

d8017bfca9b86733f5bc31f5ef8e677c495556fe
SHA256

87e32196ef3be4802c85bf8479b6e1d91927255c248743a7bc68bfd9931f2b87
SHA512

fcb2d147c254bfdf8eeefb56793b8ed202f2b34ef3e103e040ec85249494ba65e26ac78af164b644ef734faf6e2ded3a43b0ffa73063c2022bb12b5327fef011
SSDEEP

384:lBpBuqDvpmXVhDHkQqEL2JSpjEfWqbrWZeAzGqMsoYA5vDBRJJuleAp8xF9x/r:/pvzm0+EpO7oh1PwpKt

Score

1^/10

Malware Config

Signatures

Files

PickerHost.exe
.exe windows x86

7e63660228bca1846b1c1fd03bb821cf

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:c4:44:1d:b2:14:10:47:c7:0b:30:4d:12:83:fc:df:21:6c:94:a2:81:0a:66:96:e2:ad:bf:a7:ef:8b:af:d1
Signer

Actual PE Digest

06:c4:44:1d:b2:14:10:47:c7:0b:30:4d:12:83:fc:df:21:6c:94:a2:81:0a:66:96:e2:ad:bf:a7:ef:8b:af:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EncodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
DecodePointer
AcquireSRWLockShared
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess

user32

GetMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW

msvcrt

__set_app_type
_wcmdln
_lock
_unlock
__dllonexit
_onexit
??2@YAPAXI@Z
__CxxFrameHandler3
?terminate@@YAXXZ
__wgetmainargs
_initterm
__setusermatherr
_amsg_exit
__p__commode
_XcptFilter
??3@YAXPAX@Z
_purecall
__p__fmode
_cexit
_exit
exit
_controlfp
_except_handler4_common

api-ms-win-core-com-l1-1-1

CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoOriginateErrorW

shlwapi

SHSetThreadRef

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e63660228bca1846b1c1fd03bb821cf

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

06:c4:44:1d:b2:14:10:47:c7:0b:30:4d:12:83:fc:df:21:6c:94:a2:81:0a:66:96:e2:ad:bf:a7:ef:8b:af:d1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

shlwapi

Sections

.text Size: 8KB - Virtual size: 7KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 928B

.idata Size: 2KB - Virtual size: 2KB

minATL Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

06:c4:44:1d:b2:14:10:47:c7:0b:30:4d:12:83:fc:df:21:6c:94:a2:81:0a:66:96:e2:ad:bf:a7:ef:8b:af:d1
Signer

.text
Size: 8KB - Virtual size: 7KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 928B

.idata
Size: 2KB - Virtual size: 2KB

minATL
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB