MicrosoftEdge[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MicrosoftEdge.exe
Size

4.8MB
MD5

dc7a02077fa4f54a8b24e6a6e725b3f8
SHA1

eb6b040e838525218b5cd3bc110ca1f3602b2043
SHA256

e922b70ad667f6997c1d7982bea608360a3a0a2b1d4ae7d4d160859d68b6aa9a
SHA512

c65312cf5513931c8622eb094d11407ac423c292f5d8ab730012b9ed14d6070f34db11d833bc2178d25fa74effb0e0eba867e7e8a1039ddc2b913e47d7cdaf4e
SSDEEP

98304:8M5yhf9Gvu+kTg5FRzUOxZhFd6eZqBIZHUFYFSRPxM:h5qI2o5zUOrd6eZq8

Score

1^/10

Malware Config

Signatures

Files

MicrosoftEdge.exe
.exe windows:6 windows x86

adc411db5839c3e0a57f2accdd06105a

Code Sign

33:00:00:00:e9:b3:90:b8:f3:2b:05:39:68:00:00:00:00:00:e9
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:17

Not After

03/08/2017, 17:17

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:2b:95:17:fd:05:84:d6:8b:4c:87:a3:34:2f:a2:c1:a9:3d:67:b3:49:9b:4e:b1:58:34:63:1a:fc:77:5f:15
Signer

Actual PE Digest

49:2b:95:17:fd:05:84:d6:8b:4c:87:a3:34:2f:a2:c1:a9:3d:67:b3:49:9b:4e:b1:58:34:63:1a:fc:77:5f:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventSetInformation
EventRegister
EventWriteEx
EventUnregister
EventActivityIdControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventWrite
RegGetValueW
MakeAbsoluteSD

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

kernel32

GetModuleHandleA
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
FormatMessageW
OpenEventW
SetEvent
CloseHandle
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ResetEvent
HeapAlloc
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitOnceBeginInitialize
InitOnceComplete
GetModuleFileNameA
GetModuleHandleExW
SetErrorMode
GetVersionExW
LoadPackagedLibrary
RaiseException
CreateThread
HeapSetInformation
GetProcAddress
LocalFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
GetCurrentProcess
GetProcessMitigationPolicy
GetModuleHandleW
GetUserDefaultLangID
OpenThread
Sleep
InitOnceExecuteOnce
GetStartupInfoA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
GetTickCount
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetProcessHeap

msvcrt

memcpy
setlocale
_lock
_unlock
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
___lc_collate_cp_func
abort
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_get_current_locale
_free_locale
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
__p__commode
_amsg_exit
__CxxFrameHandler3
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_acmdln
_except_handler4_common
_controlfp
_ftol2_sse
_ftol2
wcslen
memset
_wcsnicmp
_wcsicmp
realloc
strchr
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
wcsrchr
wcstol
_errno
wcschr
towlower
__ExceptionPtrRethrow
wcstok_s
_wtoi
swprintf_s
malloc
free
wcsstr
_vsnprintf_s
memcpy_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_vsnwprintf
__ExceptionPtrCurrentException
__ExceptionPtrCreate
__ExceptionPtrDestroy
__ExceptionPtrCopy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?terminate@@YAXXZ
memmove
_purecall
??3@YAXPAX@Z
_callnewh
__getmainargs
??0exception@@QAE@ABQBDH@Z
_CxxThrowException
floor

wincorlib

??0InvalidArgumentException@Platform@@Q$AAA@XZ
?ToString@Guid@Platform@@QAAP$AAVString@2@XZ
??0GridLength@Xaml@UI@Windows@@QAA@NW4GridUnitType@123@@Z
??0InvalidArgumentException@Platform@@Q$AAA@P$AAVString@1@@Z
??0Exception@Platform@@Q$AAA@HP$AAVString@1@@Z
?ReferenceEquals@Object@Platform@@SA_NP$AAV12@0@Z
??0RepeatBehavior@Animation@Media@Xaml@UI@Windows@@QAA@N@Z
?CreateException@Exception@Platform@@SAP$AAV12@HP$AAVString@2@@Z
?Equals@Object@Platform@@Q$AAA_NP$AAV12@@Z
?Equals@ValueType@Platform@@Q$AAA_NP$AAVObject@2@@Z
?InitializeData@Details@Platform@@YGJH@Z
?UninitializeData@Details@Platform@@YGXH@Z
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?get@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
?ReCreateException@Exception@Platform@@SAP$AAV12@H@Z
?ResolveWeakReference@Details@Platform@@YGP$AAVObject@2@ABU_GUID@@PAPAU__abi_IUnknown@@@Z
?ToString@int32@default@@QAAP$AAVString@Platform@@XZ
?CreateException@Exception@Platform@@SAP$AAV12@H@Z
?GetWeakReference@Details@Platform@@YGPAU__abi_IUnknown@@Q$ADVObject@2@@Z
??0FailureException@Platform@@Q$AAA@P$AAVString@1@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@P$AAV01@@Z
?get@FullName@Type@Platform@@Q$AAAP$AAVString@3@XZ
??0NullReferenceException@Platform@@Q$AAA@XZ
?EventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
??0ObjectDisposedException@Platform@@Q$AAA@P$AAVString@1@@Z
?EventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
?GetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
?Allocate@Heap@Details@Platform@@SAPAXI@Z
??0Delegate@Platform@@Q$AAA@XZ
??0DisconnectedException@Platform@@Q$AAA@XZ
??0ChangedStateException@Platform@@Q$AAA@XZ
?EventSourceInitialize@Details@Platform@@YGXPAPAX@Z
??0OutOfBoundsException@Platform@@Q$AAA@XZ
??0FailureException@Platform@@Q$AAA@XZ
??0OutOfMemoryException@Platform@@Q$AAA@XZ
??0NotImplementedException@Platform@@Q$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPAXII@Z
?EventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
?__abi_cast_Object_to_String@__abi_details@@YGP$AAVString@Platform@@_NP$AAVObject@3@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@P$AAV12@@Z
?__abi_make_type_id@@YGP$AAVType@Platform@@ABU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YGP$AAVObject@2@W4TypeCode@2@PBX@Z
?__abi_ObjectToString@__abi_details@@YGP$AAVString@Platform@@P$AAVObject@3@_N@Z
?__abi_translateCurrentException@@YGJ_N@Z
?GetIBoxVtable@Details@Platform@@YGPAXPAX@Z
?__abi_cast_String_to_Object@__abi_details@@YGP$AAVObject@Platform@@P$AAVString@3@@Z
?Allocate@Heap@Details@Platform@@SAPAXII@Z
?__abi_WinRTraiseNotImplementedException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
?AlignedFree@Heap@Details@Platform@@SAXPAX@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
??0Object@Platform@@Q$AAA@XZ
?GetCmdArguments@Details@Platform@@YGPAPA_WPAH@Z
?EventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z

ole32

CoCreateFreeThreadedMarshaler
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetApartmentType
CoGetObjectContext

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoFailFastWithErrorContext

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adc411db5839c3e0a57f2accdd06105a

Code Sign

33:00:00:00:e9:b3:90:b8:f3:2b:05:39:68:00:00:00:00:00:e9Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

49:2b:95:17:fd:05:84:d6:8b:4c:87:a3:34:2f:a2:c1:a9:3d:67:b3:49:9b:4e:b1:58:34:63:1a:fc:77:5f:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

api-ms-win-core-memory-l1-1-3

kernel32

msvcrt

wincorlib

ole32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 883KB - Virtual size: 882KB

.data Size: 133KB - Virtual size: 135KB

.didat Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 330KB - Virtual size: 329KB

33:00:00:00:e9:b3:90:b8:f3:2b:05:39:68:00:00:00:00:00:e9
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

49:2b:95:17:fd:05:84:d6:8b:4c:87:a3:34:2f:a2:c1:a9:3d:67:b3:49:9b:4e:b1:58:34:63:1a:fc:77:5f:15
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 883KB - Virtual size: 882KB

.data
Size: 133KB - Virtual size: 135KB

.didat
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 330KB - Virtual size: 329KB