SearchIndexer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SearchIndexer.exe
Size

913KB
MD5

a4124135418aa89c1a2a40c21b8d604a
SHA1

14b6ebc1b8b85693e7c052bd2c8e0597e1446afc
SHA256

6af0ca3524c4ffedfaf6c2a90d92929eec00986fe6ad6cbcd55fc02c91b314a2
SHA512

ae27eb9081745d01fb9a279c88758aecaa1b92f24795ccb95f37afbdca6f7842cd4b3b13266456e217af4358590ab346891e4efaffa81f9c1c22d16e78409646
SSDEEP

12288:39FHnkP5u8CUx8+tc2S1ZUsBtAD/G4SVLBLV/ZzmMW0Lf61engM2njtk5b3/hAhu:XHsrCbJ2psZt9ZzP61agGbvh1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchIndexer.exe

Files

SearchIndexer.exe
.exe windows x64

39d18e80f127f0ca9665cb3d33c1c165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

___mb_cur_max_func
setlocale
toupper
_wcsnicmp
wcstok
strchr
free
vswprintf_s
_vscwprintf
_wcslwr_s
wcspbrk
qsort
_get_errno
_set_errno
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
bsearch
wcsstr
strncmp
swscanf
towupper
__uncaught_exception
wcsncmp
_wtol
wcschr
___lc_collate_cp_func
wcstol
memmove_s
memcmp
abort
iswspace
wcscpy_s
malloc
calloc
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
__CxxFrameHandler3
memset
memmove
_wcsdup
___lc_handle_func
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__pctype_func
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
__crtCompareStringW
_exit
_cexit
__crtLCMapStringW
_ismbblead
_wsetlocale
__setusermatherr
_initterm
wcsncpy_s
_acmdln
_fmode
_commode
??1exception@@UEAA@XZ
?terminate@@YAXXZ
___lc_codepage_func
_lock
iswxdigit
_unlock
realloc
_errno
_wcsicmp
??1type_info@@UEAA@XZ
_onexit
wcscat_s
memcpy_s
_vsnwprintf
__dllonexit
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LockResource
GetModuleHandleW
FindResourceExW
GetModuleFileNameA
LoadLibraryExW
GetModuleFileNameW
SizeofResource
GetProcAddress
FindStringOrdinal
GetModuleHandleExW
LoadResource
LoadStringW

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileAttributesExW
CreateFileW
SetFileAttributesW
FindVolumeClose
GetFileTime
SetFileTime
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextVolumeW
FindNextFileW
GetDriveTypeW
FindFirstVolumeW
FindFirstFileExW
GetLogicalDrives
CompareFileTime
GetVolumeInformationW
DeleteFileW
CreateDirectoryW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceInitialize
WakeAllConditionVariable
Sleep
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
SetEvent
InitializeCriticalSection
CreateEventW
OpenSemaphoreW
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
OpenEventW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
CreateMutexExW
InitializeSRWLock
DeleteCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoRevertToSelf
PropVariantClear
CoRegisterClassObject
CoInitializeEx
CoImpersonateClient
CoGetMalloc
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoRevokeClassObject
IIDFromString
CoMarshalInterface
CoTaskMemFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

ntdll

RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtOpenFile
RtlNtStatusToDosError
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlQueryPackageClaims

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
TlsFree
GetStartupInfoW
TlsAlloc
GetCurrentProcess
CreateThread
OpenProcessToken
SetPriorityClass
TerminateProcess
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegGetKeySecurity
RegDeleteTreeW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
GetLocaleInfoW
GetSystemPreferredUILanguages
LCMapStringW
ResolveLocaleName
GetNLSVersionEx
LocaleNameToLCID
FormatMessageW

oleaut32

SafeArrayGetUBound
SafeArrayDestroy
SysStringByteLen
VariantInit
VarUI4FromStr
LoadTypeLi
SafeArrayGetElement
SysAllocStringByteLen
VarBstrCat
SysStringLen
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
LoadRegTypeLi

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripToRootW
PathCanonicalizeW
PathIsUNCServerW
PathFindNextComponentW
PathFileExistsW
PathAppendW
PathAddBackslashW
PathRemoveBackslashW
PathIsUNCW
PathIsUNCServerShareW
PathIsRootW
PathSkipRootW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
GetCommandLineW
SetEnvironmentVariableW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventEnabled
EventActivityIdControl
EventProviderEnabled
EventRegister
EventUnregister
EventSetInformation

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHSetValueW
SHGetValueW
SHCopyKeyW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetTickCount64
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
OpenProcess

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

tquery

ciNew
ciDelete
ciNewNoThrow

shcore

SHStrDupW
ord1

mssrch

?Cleanup@CSearchServiceObj@@SAXXZ
??0CSearchServiceObj@@QEAA@XZ
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
??1CSearchServiceObj@@QEAA@XZ

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrStrIW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

Sections

.text
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39d18e80f127f0ca9665cb3d33c1c165

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-io-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-l1-2-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

tquery

shcore

mssrch

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

rpcrt4

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-psapi-l1-1-0

Sections

.text Size: 610KB - Virtual size: 610KB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 38KB - Virtual size: 37KB

.didat Size: 1024B - Virtual size: 752B

.text
Size: 610KB - Virtual size: 610KB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 38KB - Virtual size: 37KB

.didat
Size: 1024B - Virtual size: 752B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB