LegacyNetUXHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LegacyNetUXHost.exe
Size

151KB
MD5

bb77223b02f392982efe55c5a4ac652d
SHA1

096dd2f8b6b6131be1807b4d3f78339fcb4fb427
SHA256

9a3600697fc57fcccf2c63d91eb6e7898e3702be42a7c705017b10e74133219a
SHA512

9c298de61052cc2ac40c1d96c78301a29ec7a7d4c12d1a248f1830c6485bec624b68555eba99bfc5f59342cc58c1d7447b9bb82d9e066b6dd40061d29e20195a
SSDEEP

3072:SB+e6/Wcn6AoSliI1yfQJ6Dg5Ncubv7hh5iHvf9LOfTzv6IXcvP:SB2Wc9l18s6Dg5ND73APOiIXU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LegacyNetUXHost.exe

Files

LegacyNetUXHost.exe
.exe windows:10 windows x86

9e4562f702a7b6bd3a62d8ae860c73da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_XcptFilter
__p__commode
_amsg_exit
??0exception@@QAE@ABQBD@Z
memcpy
__set_app_type
_exit
malloc
_cexit
free
??0exception@@QAE@ABV0@@Z
__wgetmainargs
__CxxFrameHandler3
??1exception@@UAE@XZ
__p__fmode
__setusermatherr
_initterm
_wcmdln
_lock
_vsnprintf
swprintf_s
_wtol
_purecall
_unlock
__dllonexit
memmove
wcsrchr
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_vsnwprintf
_controlfp
_except_handler4_common
_beginthreadex
memcmp
wcscat_s
_endthreadex
exit
memset

ntdll

EtwEventEnabled
EtwEventWrite
DbgPrint
EtwTraceMessage
NtQueryWnfStateData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-com-l1-1-1

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CLSIDFromString
CoUninitialize
CoGetMalloc

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
Sleep
WaitForMultipleObjectsEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

wlanapi

WlanDisconnect
WlanOpenHandle
WlanSendUIResponse
WlanIsUIRequestPending
WlanCloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-debug-l1-1-1

DebugBreak
IsDebuggerPresent

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

oleaut32

SysFreeString
SysAllocString
GetErrorInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegLoadMUIStringW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e4562f702a7b6bd3a62d8ae860c73da

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

wlanapi

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-string-l1-1-0

oleaut32

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 4KB - Virtual size: 6KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB