PasswordOnWakeSettingFlyout[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PasswordOnWakeSettingFlyout.exe
Size

37KB
MD5

b6ca7279dad5b748772b7e5d4b8b2c36
SHA1

b540d21017a70ba86ff8490600bd7e4d60f50f60
SHA256

36f5eee6132629d9df4aef052ff5ad3d44bdcdccc006f78ea35c46e3856622fd
SHA512

8cf8ee52e720a5bbffa17987ef8d165f69253adeddc9d5c1a8990082a3e9940694b369d38cd177cc02aa346b9b38da0425f5e480ffe604a213067d7824d46227
SSDEEP

768:KChl03AlHcpOAn6KcjGMZHxl3vbOOLAK1qr6wD1P2W9V7E:Lhl0JyKcTZRl3vbOOLAK1kP2uK

Score

1^/10

Malware Config

Signatures

Files

PasswordOnWakeSettingFlyout.exe
.exe windows:10 windows x86

33d63270d927c05e54560a274d4d4932

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:6b:ba:d5:94:9c:63:f8:a9:f3:c2:46:e0:cb:da:4c:08:2a:96:43:99:80:48:53:23:b5:e6:5b:fa:cc:ca:05
Signer

Actual PE Digest

f6:6b:ba:d5:94:9c:63:f8:a9:f3:c2:46:e0:cb:da:4c:08:2a:96:43:99:80:48:53:23:b5:e6:5b:fa:cc:ca:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError

user32

LoadStringW

msvcrt

_vsnwprintf
memcpy_s
free
_callnewh
_wtoi
malloc
_purecall
_controlfp
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
memset
?terminate@@YAXXZ
__CxxFrameHandler3
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoGetMalloc

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shell32

CommandLineToArgvW

shlwapi

PathAppendW
SHGetThreadRef
PathRemoveFileSpecW

uxtheme

GetCurrentThemeName

dui70

?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
InitThread
?GetSheet@DUIXmlParser@DirectUI@@QAEJPBGPAPAVValue@2@@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
UnInitProcessPriv
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QAEXPAUHWND__@@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
UnInitThread
?EndDefer@Element@DirectUI@@QAEXK@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
InitProcessPriv
?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@00@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJPBGPAUHINSTANCE__@@1@Z
StartMessagePump
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33d63270d927c05e54560a274d4d4932

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f6:6b:ba:d5:94:9c:63:f8:a9:f3:c2:46:e0:cb:da:4c:08:2a:96:43:99:80:48:53:23:b5:e6:5b:fa:cc:ca:05Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-apiquery-l1-1-0

shell32

shlwapi

uxtheme

dui70

Sections

.text Size: 17KB - Virtual size: 16KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f6:6b:ba:d5:94:9c:63:f8:a9:f3:c2:46:e0:cb:da:4c:08:2a:96:43:99:80:48:53:23:b5:e6:5b:fa:cc:ca:05
Signer

.text
Size: 17KB - Virtual size: 16KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB