explorer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

explorer.exe
Size

3.7MB
MD5

e2c42b80bf1a3b54fdd25993d67f5b2d
SHA1

a0b21c66caca7d17d62c5ed420a8830f7fb2656f
SHA256

0c360bc693572b3a97fb957cf825e7bb4fb8842567334dc96476bb38679f5b88
SHA512

b20d099eb8e36d59743175dd0d7d50618023310f03a18c0b301d1fc617907b7ecdef500d0101a29aac6c111a3ca67ddbbefa00a48748ad464906e5e1e2ff10a6
SSDEEP

98304:/+VNoZ/Wl+MznulUpm+6KhPM58iw8a0cDVCB:/+VNoZ/WgMznulUpm6hPM5PwFZa

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows:10 windows x86

f286894f8252487b629b97ae7b531556

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:f9:1c:76:0b:02:8c:6c:7a:b3:82:cd:da:5d:17:6d:c2:7d:c0:ec:e5:4d:18:5a:fc:8a:20:1e:b7:0a:fe:07
Signer

Actual PE Digest

c8:f9:1c:76:0b:02:8c:6c:7a:b3:82:cd:da:5d:17:6d:c2:7d:c0:ec:e5:4d:18:5a:fc:8a:20:1e:b7:0a:fe:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__CxxFrameHandler3
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
strncmp
_CIpow
_initterm
__setusermatherr
_ftol2
_cexit
_snwprintf_s
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_vsnwprintf_s
_XcptFilter
___lc_handle_func
iswalnum
?terminate@@YAXXZ
__p__fmode
_ftol2_sse
toupper
malloc
free
realloc
bsearch
wcsncpy_s
wcscspn
_except_handler4_common
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
_errno
___lc_collate_cp_func
setlocale
_free_locale
_get_current_locale
__uncaught_exception
__pctype_func
___lc_codepage_func
calloc
memcmp
___mb_cur_max_func
_ismbblead
memset
abort
ceil
__crtLCMapStringW
__crtCompareStringW
_wcsdup
_unlock
_lock
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memmove
memcpy
_CxxThrowException
_wcsicmp
_get_errno
_set_errno
wcsncmp
localtime
mktime
difftime
_CIsqrt
time
wcscat_s
wcscpy_s
_set_error_mode
wcsstr
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
_wcmdln
floor

twinapi

ord9

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
QueryInformationJobObject

api-ms-win-core-url-l1-1-0

UrlUnescapeW
HashData
PathIsURLW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
DeactivateActCtx
CreateActCtxW
ActivateActCtx

ntdll

ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlIsStateSeparationEnabled
RtlInitUnicodeStringEx
ZwEnumerateKey
RtlFormatCurrentUserKeyPath
ZwOpenFile
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlFreeUnicodeString
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlDosPathNameToNtPathName_U_WithStatus
swscanf_s
WinSqmAddToStreamEx
WinSqmIsOptedIn
WinSqmSetDWORD
RtlQueryResourcePolicy
VerSetConditionMask
NtSetThreadExecutionState
RtlNtStatusToDosErrorNoTeb
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlRunOnceExecuteOnce
RtlAppendUnicodeStringToString
NtQueryInformationProcess
RtlAppendUnicodeToString
NtSetInformationProcess
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeString
ZwQuerySystemInformation
RtlGetVersion
wcsspn
wcsrchr
wcstol
_wcsnicmp
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
wcschr
_itow_s
_wtoi
strchr
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleHandleA
LoadStringW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
FindResourceExW
FindStringOrdinal
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
InitializeSRWLock
InitializeCriticalSection
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventExW
TryEnterCriticalSection
ResetEvent
ReleaseMutex
SleepEx
WaitForSingleObjectEx
ReleaseSRWLockExclusive
OpenEventW
OpenSemaphoreW
CreateMutexW
SetEvent
OpenMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-file-l1-1-0

CreateFileW
CompareFileTime
GetFileAttributesW
WriteFile
GetLongPathNameW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventEnabled
EventUnregister
EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventWrite
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
SubmitThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetThreadPriority
GetThreadPriority
GetPriorityClass
GetStartupInfoW
ResumeThread
ExitProcess
OpenThread
SetProcessShutdownParameters
GetExitCodeProcess
SetPriorityClass
TerminateProcess
TerminateThread
SetThreadPriorityBoost
CreateThread
QueueUserAPC
GetProcessId
CreateProcessW
ProcessIdToSessionId
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetThreadUILanguage
GetCalendarInfoW
FormatMessageW
GetUserDefaultLangID
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
VariantInit
SysAllocString
SysFreeString

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
CoTaskMemRealloc
CLSIDFromString
CoInitializeSecurity
CoWaitForMultipleHandles
CreateStreamOnHGlobal
PropVariantClear
CoGetStdMarshalEx
CoGetApartmentType
StringFromIID
CoEnableCallCancellation
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoSetProxyBlanket
CoDisableCallCancellation
CoGetCallContext
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoCancelCall
IIDFromString
CoGetMalloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrRChrW
StrChrIW
StrCmpW
StrCmpNICW
StrCmpIW
StrToIntW
StrCmpICW
StrStrIW
StrChrW
StrCmpICA
StrCmpNIW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegDeleteTreeW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_Set
IUnknown_QueryService
IUnknown_GetSite

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc
GlobalAlloc
GlobalFree

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GetVersionExW
GetWindowsDirectoryW
GetTickCount
GetTickCount64

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathCombineW
PathCommonPrefixW
PathIsRelativeW
PathRemoveBlanksW
PathFindExtensionW
PathParseIconLocationW
SHExpandEnvironmentStringsW
PathGetArgsW
PathRemoveFileSpecW
PathGetDriveNumberW
PathQuoteSpacesW
PathFindFileNameW
PathIsFileSpecW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsSubstringWithSpecifiedLength
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHCreateThreadRef
SHSetThreadRef
SHCreateThread
SetProcessReference

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW
SHQueryInfoKeyW
SHEnumKeyExW
SHSetValueW
SHGetValueW
SHDeleteKeyW
SHRegGetValueW

api-ms-win-security-base-l1-1-0

AddAce
InitializeAcl
GetTokenInformation
CopySid
MakeAbsoluteSD
GetLengthSid
IsValidSid
DeleteAce
GetAce
GetAclInformation
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
EqualSid

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchCombine
PathCchAddExtension

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualFree
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

IStream_Read
IStream_Write
IStream_Reset
SHOpenRegStream2W
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateMemStream

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
GetDynamicTimeZoneInformation

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
GetPwrCapabilities
PowerDeterminePlatformRoleEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

SHPinDllOfCLSID
ShellMessageBoxW
ord509
PathRemoveArgsW
StrRetToBufW
StrRetToStrW
IUnknown_GetWindow
ord292
ord635
ord544
SHCreateWorkerWindowW
ord481
ord479
ord478
SHIsChildOrSelf
ord197
AssocQueryStringW
ord279
ord165

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW
GetMonitorInfoW
EnumDisplayMonitors
GetSystemMetrics
SystemParametersInfoW

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect
OffsetRect
SetRectEmpty
IntersectRect
IsRectEmpty
InflateRect
CopyRect
EqualRect
SetRect
SubtractRect
UnionRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

UnhookWinEvent
SetWinEventHook
NotifyWinEvent

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName
ILFindLastID
SHParseDisplayName
ILClone
SHBindToObject
SHBindToParent
ILFree
SHGetIDListFromObject
ILCombine
ILCloneFirst
ILGetSize
ILRemoveLastID
ILIsEqual
SHGetNameFromIDList
SHCreateItemFromIDList
ILIsParent
SHBindToFolderIDListParent

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetCurrentInputMessageSource
GetPointerType
EnableMouseInPointer
GetPointerInfo
GetPointerDevices

api-ms-win-storage-exports-internal-l1-1-0

GetThreadFlags
SHGetFolderPathEx
SHGetKnownFolderIDList
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

propsys

InitVariantFromGUIDAsString
InitVariantFromResource
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackagePathByFullName
FindPackagesByPackageFamily
ParseApplicationUserModelId

api-ms-onecoreuap-settingsync-status-l1-1-0

IsRoamingEnabled
IsSettingSyncEnabled

gdi32

SetTextAlign
SetTextColor
CreateFontIndirectW
PatBlt
CreateBitmap
SetBkMode
BitBlt
OffsetWindowOrgEx
GetDeviceCaps
CreateRectRgn
SetRectRgn
CreateCompatibleBitmap
GetClipBox
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt
ExtTextOutW
StretchDIBits
GdiAlphaBlend
SelectObject
GdiFlush
Polyline
CreatePen
GetCurrentObject
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
CreateCompatibleDC
GetClipRgn
GetBkColor
CreateSolidBrush
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
SetBkColor
GetDIBits
GetStockObject
DeleteDC
CreateDIBSection
GetObjectW
DeleteObject
CombineRgn
OffsetRgn
GetTextMetricsW

kernel32

RegisterApplicationRestart
SetProcessDEPPolicy
IsBadWritePtr

wininet

InternetCrackUrlW

shcore

ord1
ord142
ord200
ord184
ord186
ord187
ord123
ord162
ord190
ord121
ord174
ord109
ord126
ord183
SHUnicodeToAnsi
ord192

shell32

ord100
ord85
ord190
ShellExecuteW
ord89
ord200
ord245
ShellExecuteExW
ord899
ord188
ord201
ord206
SHCreateItemInKnownFolder
DragQueryFileW
SHChangeNotifyRegisterThread
ord733
ord67
ord753
ord644
ord645
SHGetPathFromIDListW
ord4
SHFileOperationW
ord711
ord2
SHUpdateRecycleBinIcon
ord60
SHAddToRecentDocs
ord896
SHEnableServiceObject
ord54
ord254
ord91
DuplicateIcon
SHGetStockIconInfo
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord137
ord132
ExtractIconExW
ord244
ord181
ord866
ord764
SHEvaluateSystemCommandTemplate
SHGetLocalizedName
ord895
ord906
ord193
SHGetPropertyStoreForWindow
ord894
SHAppBarMessage
ord162
ord727
ord792
ord790
Shell_GetCachedImageIndexW
ord743
ord907
ord134
ord22
ord850
ord95
ord885
ord723
ord680
ord172
ord61

shlwapi

AssocCreate
ChrCmpIW
AssocQueryKeyW
ord467
ord163
ord548
ord413
PathIsDirectoryW
ord164

uxtheme

GetThemeColor
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord106
ord104
ord121
GetThemeInt
ord86
ord118
ord98
GetThemeFont
DrawThemeTextEx
IsCompositionActive
BufferedPaintSetAlpha
GetThemeMargins
GetThemeMetric
GetThemePartSize
OpenThemeDataForDpi
OpenThemeData
GetThemeBool
GetThemeBackgroundExtent
GetBufferedPaintBits
IsThemeActive
ord120
ord122
IsAppThemed
ord126

dwmapi

ord114
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
ord124
DwmQueryThumbnailSourceSize
ord159
DwmGetWindowAttribute
ord140
ord141
ord138
ord139
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmRegisterThumbnail
DwmEnableBlurBehindWindow
ord113

win32u

NtDCompositionGetFrameStatistics

user32

IsCharAlphaNumericW
CharLowerW
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetDpiForSystem
SetMenuInfo
GetMenuInfo
ord2522
UnregisterClassW
UpdateLayeredWindow
GetWindowProcessHandle
GetWindowCompositionAttribute
SetThreadDpiAwarenessContext
IsProcessDPIAware
SetLayeredWindowAttributes
GetLayeredWindowAttributes
InternalGetWindowText
GetMenuStringW
SetScrollPos
GetScrollInfo
SetScrollInfo
IsZoomed
GetMenuState
IsTopLevelWindow
EndTask
ord2573
BringWindowToTop
InsertMenuW
ShowWindowAsync
GetCursorInfo
DrawTextExW
GetPhysicalCursorPos
GetClassLongW
GetClassWord
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetSystemMenu
ModifyMenuW
GetAsyncKeyState
ReplyMessage
MonitorFromPoint
GetMenuItemInfoW
GetMenuItemCount
CreateIconIndirect
GetSubMenu
DrawTextW
DeleteMenu
TrackPopupMenuEx
SetMenuDefaultItem
RemoveMenu
EnableMenuItem
CheckMenuItem
LoadImageW
SetGestureConfig
SetWindowCompositionAttribute
GetDpiForWindow
AdjustWindowRect
GetLastInputInfo
CopyIcon
CalculatePopupWindowPosition
GetDoubleClickTime
ReleaseCapture
GetCapture
SetCapture
TrackMouseEvent
ord2005
GetSystemMetricsForDpi
DrawIconEx
DestroyIcon
CopyImage
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
SetWindowPlacement
HungWindowFromGhostWindow
LoadIconW
IsIconic
GetKeyState
ExitWindowsEx
EndDialog
SendDlgItemMessageW
MonitorFromWindow
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
SwitchToThisWindow
ord2574
IsHungAppWindow
GetGuiResources
GetWindowPlacement
MonitorFromRect
ord2611
TranslateAcceleratorW
ChangeWindowMessageFilterEx
LoadAcceleratorsW
IsWindowUnicode
DefWindowProcA
SetMenuItemInfoW
SetCursor
LoadCursorW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
ReleaseDC
GetDC
AdjustWindowRectEx
FillRect
UnregisterClassA
PostThreadMessageW
LoadMenuW

sspicli

GetUserNameExW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerSetRequest
PowerCreateRequest

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

userenv

GetProfileType
DeriveAppContainerSidFromAppContainerName

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
UuidFromStringW
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

api-ms-win-security-lsalookup-l1-1-1

GetDefaultIdentityProvider
EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f286894f8252487b629b97ae7b531556

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c8:f9:1c:76:0b:02:8c:6c:7a:b3:82:cd:da:5d:17:6d:c2:7d:c0:ec:e5:4d:18:5a:fc:8a:20:1e:b7:0a:fe:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-memory-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-timezone-l1-1-0

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c8:f9:1c:76:0b:02:8c:6c:7a:b3:82:cd:da:5d:17:6d:c2:7d:c0:ec:e5:4d:18:5a:fc:8a:20:1e:b7:0a:fe:07
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 5KB - Virtual size: 17KB

.idata
Size: 32KB - Virtual size: 31KB

.didat
Size: 1024B - Virtual size: 904B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 120KB - Virtual size: 119KB