explorer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe
Size

4.5MB
MD5

6f5d250eaede1d80806ecbc487c7b9b8
SHA1

ae81139ed3184bac4e8e7dc51beff7228264bd37
SHA256

a4cf3a2bd03cf8a28d97c10a8ad2952bfe4c2037c99e1c56a81e3f928a8d349d
SHA512

8d9f60c37ca7834b572fa1606c33713d45cb57605f9fe45fc35a250c13f0e1091aa918c24c19c9cdebd077382a6bcd4034406fe949bbc6f01d0b8e3ef5ecf612
SSDEEP

98304:3vOlNys//OcTpZrp0MywhKkgSft7giztzlO/w8a0cDLb:3vOlNys//bTpZrSMvhKkgSV7giztGwFh

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows x86

7b5affe9b569b5a02b277258a4e2c45a

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:6b:f2:88:28:ad:27:3e:ce:62:73:97:41:07:3c:c5:ca:8a:61:55:38:3f:fe:aa:7e:8a:86:d5:a6:27:3c:23
Signer

Actual PE Digest

c4:6b:f2:88:28:ad:27:3e:ce:62:73:97:41:07:3c:c5:ca:8a:61:55:38:3f:fe:aa:7e:8a:86:d5:a6:27:3c:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp_win

?_Xout_of_range@std@@YAXPBD@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QBEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Xtime_get_ticks
_Mtx_unlock
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
?id@?$collate@G@std@@2V0locale@2@A

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_set_error_mode
_register_thread_local_exe_atexit_callback

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-string-l1-1-0

strncmp
wcscspn
wcsncmp
memset

api-ms-win-crt-private-l1-1-0

_o_exit
_o_floor
_o_free
_o_iswalnum
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_roundf
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_except_handler4_common
_o__purecall
_o__mktime32
_o__wtoi
memmove
_o_ceil
_o__wcsnicmp
_o__wcsicmp
_o__localtime32
_o_bsearch
_o__itow_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime32
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__CIpow
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler3
_o__register_onexit_function
_o__recalloc
_CxxThrowException
memcmp
memcpy

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

SetInformationJobObject
QueryInformationJobObject
CreateJobObjectW
AssignProcessToJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

HashData
UrlUnescapeW
PathIsURLW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
DeactivateActCtx
CreateActCtxW

ntdll

RtlGetVersion
ZwQuerySystemInformation
RtlInitString
wcsspn
RtlInitUnicodeString
ZwQueryValueKey
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlQueryResourcePolicy
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
RtlFreeHeap
RtlpEnsureBufferSize
wcschr
RtlDosPathNameToNtPathName_U_WithStatus
wcsrchr
strchr
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
NtQueryWnfStateData
ZwOpenKey
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlNtStatusToDosError
ZwClose
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlIsStateSeparationEnabled
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
NtSetThreadExecutionState
VerSetConditionMask
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
FindResourceExW
SizeofResource
LoadLibraryExW
LockResource
LoadStringW
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
LoadResource
GetModuleHandleW
GetModuleHandleA
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
SleepEx
InitializeCriticalSectionEx
TryEnterCriticalSection
SetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
CreateEventW
CreateEventExW
TryAcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
OpenMutexW
OpenEventW
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
ResetEvent
CreateMutexW
LeaveCriticalSection
CreateMutexExW
ReleaseSRWLockShared
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-1-0

CompareFileTime
GetLongPathNameW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
WriteFile
CreateFileW
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer
EventWrite
EventEnabled
EventUnregister
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenCurrentUser
RegDeleteValueW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteTreeW
RegCreateKeyExW
RegGetValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetPriorityClass
OpenProcessToken
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
ExitProcess
SetThreadPriorityBoost
GetThreadPriority
SetProcessShutdownParameters
OpenThread
GetCurrentProcess
OpenThreadToken
GetProcessId
SetPriorityClass
CreateThread
ResumeThread
GetCurrentProcessId
ProcessIdToSessionId
SetThreadPriority
GetExitCodeProcess
QueueUserAPC
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
GetUserDefaultLangID
GetLocaleInfoW
FormatMessageW
GetThreadUILanguage
GetLocaleInfoEx
GetCalendarInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VarUI4FromStr
SafeArrayCreate
SysAllocString
SysStringLen
VariantInit
SysAllocStringByteLen

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoRevokeClassObject
IIDFromString
CoGetStdMarshalEx
CoTaskMemRealloc
CoCancelCall
CoDisableCallCancellation
CoGetInterfaceAndReleaseStream
CoGetObjectContext
CLSIDFromString
CoTaskMemAlloc
CoGetMalloc
CoInitializeEx
CoCreateGuid
CoUninitialize
StringFromIID
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CreateStreamOnHGlobal
CoReleaseMarshalData
CoIncrementMTAUsage
PropVariantClear
CoGetCallContext
CoSetProxyBlanket
CoEnableCallCancellation
CoInitializeSecurity
CoCreateInstance
CoFreeUnusedLibraries
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntW
StrCmpICA
StrCmpICW
QISearch
StrRChrW
StrCmpW
StrStrIW
StrCmpNICW
StrCmpNIW
StrChrW
StrChrIW
StrCmpIW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_Set
IUnknown_GetSite
IUnknown_QueryService
IUnknown_SetSite

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalReAlloc
LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GetTickCount64
GetWindowsDirectoryW
GetLogicalProcessorInformation
GetSystemDirectoryW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetCurrentDirectoryW
SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW
PathFindFileNameW
PathQuoteSpacesW
PathGetDriveNumberW
PathFindExtensionW
PathCommonPrefixW
PathParseIconLocationW
PathIsFileSpecW
PathFileExistsW
PathRemoveFileSpecW
PathGetArgsW
PathRemoveBlanksW
PathCombineW

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHQueryInfoKeyW
SHGetValueW
SHDeleteKeyW
SHDeleteValueW
SHEnumKeyExW
SHRegGetValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
CompareStringW

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHCreateThread
SHSetThreadRef
SetProcessReference
SHGetThreadRef

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
EqualSid
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
AddAce
SetKernelObjectSecurity
MakeAbsoluteSD
DeleteAce
IsValidSid
CreateWellKnownSid
CheckTokenMembership
DuplicateToken

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoFailFastWithErrorContext
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveFileSpec
PathCchAddExtension
PathCchAppend
PathAllocCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualFree
VirtualProtect
MapViewOfFile
VirtualAlloc
UnmapViewOfFile
OpenFileMappingW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
IStream_Write
SHOpenRegStream2W
IStream_Reset
SHCreateMemStream
IStream_Read
SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetOsSafeBootMode

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
RegisterWaitForSingleObject
GetComputerNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

iphlpapi

GetNetworkConnectivityHint

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
PowerDeterminePlatformRoleEx
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord279
ord479
ShellMessageBoxW
ord478
ord635
AssocQueryStringW
SHPinDllOfCLSID
StrRetToStrW
ord509
SHIsChildOrSelf
ord197
ord292
PathRemoveArgsW
ord544
ord481
ord165
StrRetToBufW
IUnknown_GetWindow
SHCreateWorkerWindowW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayMonitors
QueryDisplayConfig
GetDisplayConfigBufferSizes
SystemParametersInfoW
GetMonitorInfoW
GetSystemMetrics
EnumDisplayDevicesW

api-ms-win-ntuser-rectangle-l1-1-0

SetRectEmpty
PtInRect
IsRectEmpty
IntersectRect
InflateRect
OffsetRect
SubtractRect
CopyRect
UnionRect
EqualRect
SetRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
UnhookWinEvent
SetWinEventHook

api-ms-win-shell-namespace-l1-1-0

SHParseDisplayName
ILClone
SHBindToFolderIDListParent
SHBindToParent
ILFindLastID
SHBindToObject
ILIsParent
ILCombine
ILCloneFirst
ILGetSize
SHGetNameFromIDList
ILFree
SHGetIDListFromObject
SHCreateItemFromParsingName
ILRemoveLastID
SHCreateItemFromIDList
ILIsEqual

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
GetPointerDevices
EnableMouseInPointer
GetCurrentInputMessageSource
GetPointerInfo

api-ms-win-storage-exports-internal-l1-1-0

SetThreadFlags
SHGetKnownFolderIDList
SHGetFolderPathEx
GetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

propsys

InitVariantFromResource
InitVariantFromGUIDAsString
PropVariantToStringAlloc
PSPropertyBag_WriteDWORD
PropVariantToUInt32
PSPropertyBag_WriteStr
PSGetPropertyFromPropertyStorage
PSCreateMemoryPropertyStore
PropVariantToBoolean

coremessaging

CreateDispatcherQueueController

urlmon

URLOpenBlockingStreamW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

CreateFontIndirectW
GetStockObject
ExtTextOutW
GetTextMetricsW
SetTextAlign
SetTextColor
GetClipBox
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
CombineRgn
OffsetRgn
SetRectRgn
CreateRectRgn
GetDeviceCaps
CreateRectRgnIndirect
GetGlyphOutlineW
GetOutlineTextMetricsW
StretchBlt
ExcludeClipRect
SetStretchBltMode
Rectangle
GetClipRgn
SelectClipRgn
GetCurrentObject
GetTextExtentPoint32W

kernel32

SetProcessDEPPolicy
IsBadWritePtr

rpcrt4

RpcStringBindingComposeW
I_RpcExceptionFilter
UuidFromStringW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
NdrClientCall2

wininet

InternetCrackUrlW

shcore

SHUnicodeToAnsi
ord109
ord1
ord121
ord123
ord190
ord187
ord186
ord184
ord162
ord192
ord126
ord183
ord174
ord142
ord200

shell32

ord680
ord723
ord885
ord95
ord850
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord193
ord906
ord895
ShellExecuteW
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
SHFileOperationW
ord4
SHGetPathFromIDListW
ord645
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord172
ord22
ord134

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeColor
GetThemeMetric
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
GetThemeBackgroundExtent
GetThemeFont
DrawThemeTextEx
IsCompositionActive
IsAppThemed
GetThemeBool
ord86

dwmapi

DwmRegisterThumbnail
ord113
ord141
ord140
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
ord138
ord114
ord159
DwmQueryThumbnailSourceSize
DwmSetWindowAttribute
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord139

user32

GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
UpdateLayeredWindow
ord2521
GetCursorInfo
GetPhysicalCursorPos
GetClassLongW
GetClassWord
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetSystemMenu
ModifyMenuW
GetAsyncKeyState
ReplyMessage
MonitorFromPoint
GetMenuItemInfoW
GetMenuItemCount
CreateIconIndirect
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
IsIconic
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
SwitchToThisWindow
EndTask
UnregisterHotKey
RegisterHotKey
DeleteMenu
SendDlgItemMessageW
UnregisterClassW
ord2522
EndDialog
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
ExitWindowsEx
GetKeyState
FillRect
LoadIconW
HungWindowFromGhostWindow
CascadeWindows
ord2573
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
InjectKeyboardInput
BringWindowToTop
InsertMenuW
ShowWindowAsync
UnregisterClassA
PostThreadMessageW
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
GetSystemMetricsForDpi
ord2005
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
AdjustWindowRect
GetDpiForWindow
IsTopLevelWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
GetLastActivePopup
DrawTextW
CheckMenuItem
EnableMenuItem
RemoveMenu
LoadMenuW
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
VerifyVersionInfoW
PowerCreateRequest

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StartTraceW
StopTraceW
EnableTraceEx2

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtFreeMemory
BiPtEnumerateWorkItemsForPackageName
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b5affe9b569b5a02b277258a4e2c45a

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c4:6b:f2:88:28:ad:27:3e:ce:62:73:97:41:07:3c:c5:ca:8a:61:55:38:3f:fe:aa:7e:8a:86:d5:a6:27:3c:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-memory-l1-1-0

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c4:6b:f2:88:28:ad:27:3e:ce:62:73:97:41:07:3c:c5:ca:8a:61:55:38:3f:fe:aa:7e:8a:86:d5:a6:27:3c:23
Signer