Static task: static1
Behavioral task: behavioral1 (Sample: procexp.exe, Resource: win7-20230712-en)
Behavioral task: behavioral2 (Sample: procexp.exe, Resource: win10v2004-20230703-en)
General
Target: procexp.exe
Size: 2.5MB
MD5: 499ef4174752b7093040974fd97fa470
SHA1: bcf1d95888b10cd9f25ee86fee23f3c2834df9f9
SHA256: 40745a9f1e17a56809a3abd71dc92113437d72aa858f0fc6b464927b143ca55d
SHA512: ff47744faa2be19218176b37ffa052335cc2ee5b0496020617bddb6287f032ca504646deb01cf766fac671a8741016f19f8c919138da3ba8ac6c78ba75efcc65
SSDEEP: 49152:ShqGRrMaduD+fx0YPloFh0/6gQV/qpTn6tt:SfMY8o
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: procexp.exe
Files
procexp.exe.exe windows x86 f2083a2174730ff914b15606f7ce953f
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
ColorHLSToRGB
ColorRGBToHLS
ord176
UrlUnescapeW
ws2_32
ntohs
htonl
htons
gethostbyaddr
getservbyport
WSAStartup
ntohl
mpr
WNetGetConnectionW
comctl32
ImageList_Create
CreateStatusWindowW
CreatePropertySheetPageW
ord410
CreateToolbarEx
ord413
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ord17
PropertySheetW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
credui
CredUIPromptForCredentialsW
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
crypt32
CertDuplicateCertificateContext
CertGetNameStringW
kernel32
VirtualQueryEx
GetProcessAffinityMask
GetCurrentProcessId
SetThreadAffinityMask
SetFilePointer
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GetEnvironmentVariableW
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
GetDriveTypeW
GetCurrentDirectoryW
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetCurrentThreadId
IsProcessorFeaturePresent
RtlUnwind
IsDebuggerPresent
EncodePointer
GetStringTypeW
lstrlenA
lstrcmpiW
lstrcmpW
ReadProcessMemory
OpenEventW
SetLastError
IsBadStringPtrW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
DeleteCriticalSection
Module32NextW
Module32FirstW
TerminateThread
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCommandLineW
LocalAlloc
FormatMessageW
GlobalAddAtomW
GetTickCount
MulDiv
GetFileSizeEx
GetExitCodeThread
CreateThread
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
EnterCriticalSection
GetCurrentThread
LeaveCriticalSection
FindNextFileW
FindClose
MultiByteToWideChar
GetModuleHandleW
ReadFile
LoadLibraryExW
FreeLibrary
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateFileW
GetFullPathNameW
GetWindowsDirectoryW
OutputDebugStringW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CreateFileMappingW
TlsSetValue
TlsAlloc
lstrlenW
UnmapViewOfFile
MapViewOfFile
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
WriteFile
GetStdHandle
GetFileSize
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
LocalFree
GetVersion
GetProcAddress
InterlockedDecrement
InterlockedIncrement
TlsGetValue
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA
user32
GetWindow
GetDesktopWindow
IsWindowEnabled
KillTimer
MsgWaitForMultipleObjects
GetDlgCtrlID
CheckRadioButton
SendMessageTimeoutW
PeekMessageW
GetUserObjectSecurity
SetUserObjectSecurity
IsDialogMessageW
DrawIconEx
CheckMenuRadioItem
WindowFromPoint
RedrawWindow
TrackPopupMenu
RemoveMenu
CreateMenu
DrawMenuBar
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
GetDlgItemTextW
CreateDialogParamW
IsWindow
PostQuitMessage
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
GetWindowDC
SetMenuItemInfoW
IsIconic
ShowWindowAsync
SystemParametersInfoW
EnumWindows
SetClassLongW
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadImageW
SetWindowPlacement
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
FrameRect
ClientToScreen
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetSystemMetrics
SetTimer
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
LoadIconW
DestroyIcon
EnumDisplaySettingsW
GetDC
ReleaseDC
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
LoadStringW
RegisterClassW
gdi32
EndDoc
StartDocW
SetBkMode
SetTextColor
GetTextMetricsW
Polyline
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
SetTextAlign
ExtTextOutW
SetMapMode
MoveToEx
SetROP2
SaveDC
RestoreDC
Rectangle
LineTo
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
RectInRegion
SelectClipRgn
SelectObject
SetBkColor
comdlg32
FindTextW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseFontW
advapi32
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeNameW
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetKernelObjectSecurity
CreateProcessAsUserW
RegConnectRegistryW
FlushTraceW
ConvertSidToStringSidW
LsaEnumerateAccountRights
RegCloseKey
LsaOpenPolicy
LsaClose
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
SetTokenInformation
QueryServiceConfigW
CopySid
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
GetLengthSid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
StartServiceW
QueryServiceStatus
FreeSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
ole32
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
winhttp
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpWriteData
psapi
GetModuleFileNameExW
Sections
.text   Size: 741KB - Virtual size: 740KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 173KB - Virtual size: 172KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 36KB - Virtual size: 182KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.5MB - Virtual size: 1.5MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 49KB - Virtual size: 48KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ