SearchProtocolHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SearchProtocolHost.exe
Size

333KB
MD5

e7c9519b2038b3dc6e630922a6e7efac
SHA1

1a0094ee3b1d6e7aa44e70259c79b435da055f57
SHA256

7f8f27f248cd2a22adfd25632d1c16c8e602fe58d743ce73f9408c4b79c29739
SHA512

6f19a2828ffc00ded525528de737887648eeee669b5336d5145adc0515f20f426513caf3c207ab6d4a5ddf1b5f69c3bc947456444759e0b6f47428cd35140452
SSDEEP

6144:0al07nEk9JXslf0nfqXgVsQYfb3robQnVz8Vs8rkR10efUK3viJh:3u7nE8Jmf0nhslSQcs8Qztf9vc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchProtocolHost.exe

Files

SearchProtocolHost.exe
.exe windows:10 windows x86

1f5b4307b67ae3b1cba7ca7438b42bd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
__wgetmainargs
__dllonexit
__set_app_type
_amsg_exit
exit
_exit
__CxxFrameHandler3
memcmp
_onexit
_wcsnicmp
_cexit
memmove_s
__p__fmode
__iob_func
__setusermatherr
_initterm
wcschr
_vsnprintf_s
_except_handler4_common
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_lock
_purecall
_wtoi
_wcsicmp
memcpy_s
iswspace
_wtol
_itow_s
strerror
_vsnprintf
fprintf
strncmp
bsearch
toupper
??1type_info@@UAE@XZ
_XcptFilter
__p__commode
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_set_error_mode
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
wcsncpy_s
_errno
_controlfp
_unlock
malloc
_vsnwprintf
realloc
_itow
wcsncmp
memset

tquery

ciDelete
ciNew
ciNewNoThrow

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventEnabled
EventUnregister
EventWriteTransfer
EventProviderEnabled
EventRegister
EventActivityIdControl

api-ms-win-security-base-l1-1-0

EqualPrefixSid
SetSecurityDescriptorSacl
InitializeSid
DeleteAce
GetSidLengthRequired
GetSidSubAuthority
SetSecurityDescriptorGroup
AddAce
MakeAbsoluteSD
IsValidSid
CreateWellKnownSid
SetSecurityDescriptorOwner
CopySid
ImpersonateLoggedOnUser
GetAclInformation
InitializeSecurityDescriptor
AddAccessAllowedAce
GetSecurityDescriptorLength
InitializeAcl
RevertToSelf
AdjustTokenPrivileges
MakeSelfRelativeSD
SetSecurityDescriptorDacl
GetLengthSid
GetAce
GetTokenInformation

oleaut32

SysFreeString
VarUI4FromStr
CreateErrorInfo
SysStringLen
SetErrorInfo
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
FreeLibrary
FindResourceExW
SizeofResource
LoadLibraryExW
LoadResource

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-core-errorhandling-l1-1-1

AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW
LookupAccountNameW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CLSIDFromProgID
StringFromCLSID
CoUninitialize
CoCreateInstance
PropVariantClear
CLSIDFromString
CoDisconnectObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
PropVariantCopy
CoInitializeSecurity
CreateStreamOnHGlobal
CoUnmarshalInterface

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
FormatMessageW
GetLocaleInfoW
ResolveLocaleName
LocaleNameToLCID
LCMapStringW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
CreateEventExW
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseMutex
LeaveCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateMutexExW
CreateEventW
SetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
OpenEventW
SetWaitableTimerEx
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateWaitableTimerExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter
RaiseException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext

api-ms-win-core-handle-l1-1-0

DuplicateHandle
GetHandleInformation
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
CreateThread
OpenThreadToken
GetCurrentProcess
OpenProcessToken
GetProcessTimes
SetPriorityClass
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-memory-l1-1-0

WriteProcessMemory
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
ReadProcessMemory
MapViewOfFile

api-ms-win-shell-namespace-l1-1-0

ILFree
SHCreateItemFromIDList
SHParseDisplayName

ntdll

EtwEventWriteTransfer
NtQueryInformationProcess
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
RtlQueryPackageClaims
RtlReportException

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
SetProcessMitigationPolicy

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExA
GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize
GetFileTime
FlushFileBuffers
UnlockFile
DeleteFileW
SetFilePointer
WriteFile
SetEndOfFile
CreateFileA
CreateFileW
DeleteFileA
LockFile

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileA

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shcore

ord107

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f5b4307b67ae3b1cba7ca7438b42bd1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

tquery

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-shell-namespace-l1-1-0

ntdll

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-apiquery-l1-1-0

shcore

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 219KB - Virtual size: 219KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 219KB - Virtual size: 219KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 14KB - Virtual size: 14KB