Procmon64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Procmon64.exe
Size

2.6MB
MD5

233915449be7b863c39f5e5e0857447b
SHA1

92e886a4db334554dd1400b45ab06093f60d3459
SHA256

ddda2f81e0f13f065e7b2268db1d6e2ecfe01f05e72a1780af36c66e7ec6fa9e
SHA512

7195aa5ee759feafb4ad6a6bd0c41c25be6b802844ed6caefd0646b1f071addb87919c5162d5e56dd0eb9f9461d0350ccf6f4e3fc86c373a72480d7be63ca943
SSDEEP

49152:DPTvNoy+3HsLyBkKEBaxNAwNwNhhItBTNdzYuL:IXsLyBkKEBSYN7IHBdzYuL

Score

1^/10

Malware Config

Signatures

Files

Procmon64.exe
.exe windows x64

631833bfb6819a2585b78641742a7d20

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:5c:95:73:a0:44:e7:f7:12:c2:f6:b3:57:69:b0:53:0f:16:26:4d:c4:db:4c:1e:4a:d1:dd:64:22:ec:70:a4
Signer

Actual PE Digest

9a:5c:95:73:a0:44:e7:f7:12:c2:f6:b3:57:69:b0:53:0f:16:26:4d:c4:db:4c:1e:4a:d1:dd:64:22:ec:70:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
listen
getsockname
send
socket
gethostbyname
connect
ntohs
WSAStartup
htonl
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
closesocket
htons
bind
accept
WSAGetLastError

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

fltlib

FilterSendMessage
FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage

kernel32

SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetFileSize
SetFilePointer
CreateFileMappingW
UnmapViewOfFile
LoadLibraryExA
GetFullPathNameW
GlobalMemoryStatusEx
FreeResource
Sleep
CreateThread
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetSystemDirectoryW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetSystemInfo
MulDiv
RaiseException
InitializeCriticalSectionEx
GlobalAddAtomW
EnumResourceNamesW
SetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
lstrcmpW
GetCurrentProcess
MultiByteToWideChar
SetEndOfFile
TryEnterCriticalSection
MapViewOfFile
FileTimeToLocalFileTime
LocalFileTimeToFileTime
ReadFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapCreate
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
SetThreadPriority
GetComputerNameA
GetFileAttributesExW
DecodePointer
GetCurrentProcessId
SetProcessShutdownParameters
GetComputerNameW
SetConsoleCtrlHandler
OpenThread
GetSystemDirectoryA
TrySubmitThreadpoolCallback
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
InterlockedPopEntrySList
InterlockedPushEntrySList
WideCharToMultiByte
GetStringTypeW
LCMapStringEx
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
IsWow64Process
OpenProcess
CreateProcessW
TerminateProcess
ExitProcess
WaitForSingleObject
GetLastError
GetEnvironmentVariableW
VerifyVersionInfoW
lstrlenW
LoadLibraryW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetPrivateProfileStringW
EncodePointer
GetPrivateProfileIntW
GetCurrentThreadId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFileAttributesW
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
lstrcmpiW
IsValidLocale

user32

EqualRect
FlashWindowEx
LoadStringA
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessagePos
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
CheckRadioButton
CharLowerW
LoadAcceleratorsW
CreatePopupMenu
RemoveMenu
InsertMenuItemW
SetRectEmpty
ChildWindowFromPoint
DrawFrameControl
CheckMenuRadioItem
SetRect
WindowFromPoint
ClientToScreen
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuW
GetCapture
SetFocus
GetDlgCtrlID
SetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
UnregisterHotKey
RegisterHotKey
TrackMouseEvent
MonitorFromPoint
GetIconInfo
LoadIconW
MapWindowPoints
GetCursor
GetCursorPos
GetFocus
LoadStringW
MessageBeep
SetActiveWindow
GetDesktopWindow
DialogBoxParamW
LoadImageW
GetWindow
MessageBoxW
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
DestroyWindow
GetMenuStringW
GetClassLongPtrW
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DrawIconEx
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetClassNameW
GetParent
SetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
GetClientRect
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
TrackPopupMenuEx
IntersectRect
ScrollWindowEx
GetUpdateRgn
GetUpdateRect
GetKeyState
IsDialogMessageW
UnhookWindowsHookEx
GetForegroundWindow
SetMenuItemInfoW
SetMenuInfo
ModifyMenuW
GetSystemMetrics
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
CreateWindowExW
SetMenu
GetMenu
TranslateAcceleratorW
CharNextW
IsMenu
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetForegroundWindow
IsIconic
WaitForInputIdle
CreateIconFromResourceEx
GetDlgItemInt
GetActiveWindow
RegisterWindowMessageW
GetAsyncKeyState
SetWindowTextA
EnumChildWindows
InsertMenuW
GetWindowRect
CheckMenuItem
CallWindowProcW
DefWindowProcW
PostMessageW
GetSysColor
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
UnionRect
GetPropW
IsWindow
SetPropW
MonitorFromWindow

gdi32

GetBkMode
RectInRegion
SelectClipRgn
CreateBitmap
CreatePatternBrush
CreateRectRgnIndirect
GetPixel
PatBlt
SetPixel
SetBrushOrgEx
RestoreDC
SaveDC
SetROP2
CreateRectRgn
GdiFlush
GetCurrentObject
GetObjectW
GetBitmapBits
CreateDIBSection
SetViewportOrgEx
Polyline
Polygon
ExcludeClipRect
CreateFontW
ExtTextOutW
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
SelectObject
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateSolidBrush
EndPage
StartPage
EndDoc
StartDocW
GetBkColor
GetDeviceCaps
SetMapMode

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW
ChooseFontW
FindTextW
PrintDlgW

advapi32

RegOpenKeyExA
RegQueryValueExA
ConvertStringSidToSidW
ConvertSidToStringSidW
RegSetValueW
RegEnumKeyW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
ExtractIconExW
SHGetMalloc
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW

ole32

ReleaseStgMedium
OleInitialize
RegisterDragDrop
CreateBindCtx
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleUninitialize

oleaut32

SysAllocStringLen
VariantTimeToSystemTime
VarUI4FromStr
VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

shlwapi

SHAutoComplete

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

ntdll

RtlGetVersion
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

631833bfb6819a2585b78641742a7d20

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

9a:5c:95:73:a0:44:e7:f7:12:c2:f6:b3:57:69:b0:53:0f:16:26:4d:c4:db:4c:1e:4a:d1:dd:64:22:ec:70:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

comctl32

fltlib

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

uxtheme

dwmapi

ntdll

Sections

.text Size: 928KB - Virtual size: 928KB

.rdata Size: 310KB - Virtual size: 309KB

.data Size: 23KB - Virtual size: 37KB

.pdata Size: 36KB - Virtual size: 35KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 9KB - Virtual size: 9KB

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

9a:5c:95:73:a0:44:e7:f7:12:c2:f6:b3:57:69:b0:53:0f:16:26:4d:c4:db:4c:1e:4a:d1:dd:64:22:ec:70:a4
Signer

.text
Size: 928KB - Virtual size: 928KB

.rdata
Size: 310KB - Virtual size: 309KB

.data
Size: 23KB - Virtual size: 37KB

.pdata
Size: 36KB - Virtual size: 35KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 9KB