LegacyNetUXHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LegacyNetUXHost.exe
Size

192KB
MD5

29d407c7a6d5f4e7a0833d729ac57506
SHA1

93d1df4ea5431a7fd1096936340973f7e0b90a22
SHA256

685e84eaa5b71ce192686b1c193ead41146aff762d7dd95f9ee544fcea487926
SHA512

634186693759e5745e0d130b2b8d452d21e62999acaeb358185fb6ac7e892de8838fb6c307e0b94b963cbc0a68112af05651ac8c3f5216a273356c2066f0d41a
SSDEEP

3072:DLIsMfC5Tkkd+uri3KlMJLO+HUQILZx7+UvCa9R0zs04+HvLyWqS:XIsMfUTkc7mJ01XW4+HvLyWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LegacyNetUXHost.exe

Files

LegacyNetUXHost.exe
.exe windows x64

ed2ce9c8716ed66089aad02749c2cedb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_fmode
__CxxFrameHandler3
__C_specific_handler
_initterm
__setusermatherr
_commode
_unlock
_exit
wcscat_s
wcsrchr
exit
__dllonexit
__set_app_type
__wgetmainargs
_amsg_exit
_cexit
_lock
_XcptFilter
memmove
_onexit
memcmp
_beginthreadex
_endthreadex
??1type_info@@UEAA@XZ
_vsnprintf
swprintf_s
_wtol
memcpy
malloc
_CxxThrowException
?what@exception@@UEBAPEBDXZ
free
_wcmdln
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_purecall
_vsnwprintf
?terminate@@YAXXZ
memset

ntdll

EtwEventWriteTransfer
DbgPrint
EtwEventEnabled
EtwTraceMessage
NtQueryWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

wlanapi

WlanCloseHandle
WlanDisconnect
WlanSendUIResponse
WlanIsUIRequestPending
WlanOpenHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-registry-l1-1-0

RegLoadMUIStringW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed2ce9c8716ed66089aad02749c2cedb

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

wlanapi

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

oleaut32

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 820B