PickerHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PickerHost.exe
Size

95KB
MD5

c77290f0a578999ed8f6b4aedf86de28
SHA1

1331cc8e86e0d60e85d4edc58d0f4f12876aa9e6
SHA256

0eadc5a9f142ba6d6908c4609e5ebeec80e29b148ec904a7e2ba48934d9af8dd
SHA512

a38429a319ad22f459cc60bad1387fad61be0c3972af6fb0c232458bdd295373a48f8f1751d41165ca8953b01c3381f56267342a5f711bffb70b53ed668a01ce
SSDEEP

1536:f+HsLtOKmdDNk99LKMzGzPOGvOdDp1C09z0blorEABPX/8ytN/RXP+zB:f+ctzmFO/5zymGvOdDprYb25PXkyn92l

Score

1^/10

Malware Config

Signatures

Files

PickerHost.exe
.exe windows:10 windows x86

e5d303f591eee2d5ef12c121cde12115

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:1c:2a:f6:8e:3d:b3:b7:65:8f:19:ae:2b:74:69:e3:3b:68:b2:b3:a3:72:7d:e2:19:e6:4c:54:7c:6b:5c:47
Signer

Actual PE Digest

be:1c:2a:f6:8e:3d:b3:b7:65:8f:19:ae:2b:74:69:e3:3b:68:b2:b3:a3:72:7d:e2:19:e6:4c:54:7c:6b:5c:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__wgetmainargs
__set_app_type
exit
_amsg_exit
_exit
_cexit
__p__commode
_XcptFilter
__p__fmode
??_V@YAXPAX@Z
__setusermatherr
_initterm
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_wcmdln
_lock
??1exception@@UAE@XZ
_unlock
__dllonexit
memcpy_s
_vsnwprintf
_purecall
??3@YAXPAX@Z
_onexit
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
memcmp
__CxxFrameHandler3
?terminate@@YAXXZ
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoAddRefServerProcess
CoRevokeClassObject
CoInitializeEx
CoCreateInstance
CoResumeClassObjects
CoRegisterClassObject
CoUninitialize
CoGetCallContext
CoReleaseServerProcess
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
DeleteCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-rtcore-ntuser-window-l1-1-0

TranslateMessage
PostThreadMessageW
DispatchMessageW
GetMessageW

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5d303f591eee2d5ef12c121cde12115

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

be:1c:2a:f6:8e:3d:b3:b7:65:8f:19:ae:2b:74:69:e3:3b:68:b2:b3:a3:72:7d:e2:19:e6:4c:54:7c:6b:5c:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-shcore-thread-l1-1-0

Sections

.text Size: 72KB - Virtual size: 71KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

be:1c:2a:f6:8e:3d:b3:b7:65:8f:19:ae:2b:74:69:e3:3b:68:b2:b3:a3:72:7d:e2:19:e6:4c:54:7c:6b:5c:47
Signer

.text
Size: 72KB - Virtual size: 71KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB