procexp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

procexp.exe
Size

2.6MB
MD5

62028945d0ab974e183756ebbb1ca07f
SHA1

d04eff8417d6d78567032bb7eb7ffacc9b10d03c
SHA256

a718176110bc41bd357af92ae69bd0b6a9f223f8f13e91ed8dc8ec19d46c0d0c
SHA512

3139fb4cdc6f9fb6b500c9d4ab0a30fcba84f73d8241969fce48df4ce43d086c0ecc03c45042b9f7c8f0391fe3175d7cbd89960d66f0308632bb7278ef2a4159
SSDEEP

24576:xISc2BFYRtiY+u7VPqmEQkQUsjm7RZSeZlGQbrht/TSWqJNG4WLsRDespTWzgrBZ:xISc2oiZuZ1w7KeZkGLOWYRDpcYOm3

Score

1^/10

Malware Config

Signatures

Files

procexp.exe
.exe windows:5 windows x86

437a32d267729d488159d2bd5a001700

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 22:09

Not After

17/02/2018, 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:94:0e:33:fc:69:64:53:ad:bc:cc:95:e7:12:5f:5f:ef:3f:63:21:1b:af:c7:9a:81:a5:14:c3:78:76:70:18
Signer

Actual PE Digest

82:94:0e:33:fc:69:64:53:ad:bc:cc:95:e7:12:5f:5f:ef:3f:63:21:1b:af:c7:9a:81:a5:14:c3:78:76:70:18

Digest Algorithm

sha256

PE Digest Matches

true

05:e8:a4:83:c1:ef:5e:36:76:72:7c:33:fb:41:e8:dc:49:c3:cc:0a
Signer

Actual PE Digest

05:e8:a4:83:c1:ef:5e:36:76:72:7c:33:fb:41:e8:dc:49:c3:cc:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

ColorHLSToRGB
ColorRGBToHLS
ord176
UrlUnescapeW

ws2_32

ntohl
htonl
htons
gethostbyaddr
getservbyport
WSAStartup
ntohs

mpr

WNetGetConnectionW

comctl32

ImageList_Create
CreateStatusWindowW
CreatePropertySheetPageW
ord410
ord8
ord413
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ord17
PropertySheetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

kernel32

VirtualQueryEx
GetProcessAffinityMask
GetCurrentProcessId
SetThreadAffinityMask
SetFilePointer
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GetEnvironmentVariableW
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
IsProcessorFeaturePresent
RtlUnwind
IsDebuggerPresent
EncodePointer
GetStringTypeW
lstrlenA
lstrcmpiW
lstrcmpW
ReadProcessMemory
OpenEventW
SetLastError
IsBadStringPtrW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
DeleteCriticalSection
Module32NextW
Module32FirstW
TerminateThread
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCommandLineW
GetFileType
LocalAlloc
FormatMessageW
GlobalAddAtomW
GetTickCount
MulDiv
GetFileSizeEx
GetExitCodeThread
CreateThread
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
EnterCriticalSection
GetCurrentThread
LeaveCriticalSection
FindNextFileW
FindClose
MultiByteToWideChar
GetModuleHandleW
ReadFile
LoadLibraryExW
FreeLibrary
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateFileW
GetFullPathNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CreateFileMappingW
TlsSetValue
TlsAlloc
lstrlenW
UnmapViewOfFile
MapViewOfFile
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
WriteFile
GetStdHandle
GetFileSize
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
LocalFree
GetVersion
GetProcAddress
InterlockedDecrement
InterlockedIncrement
TlsGetValue
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA

user32

CopyImage
GetWindow
GetDesktopWindow
KillTimer
MsgWaitForMultipleObjects
GetDlgCtrlID
CheckRadioButton
SendMessageTimeoutW
PeekMessageW
GetUserObjectSecurity
SetUserObjectSecurity
IsDialogMessageW
DrawIconEx
CheckMenuRadioItem
WindowFromPoint
RedrawWindow
TrackPopupMenu
RemoveMenu
CreateMenu
DrawMenuBar
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
IsWindowEnabled
GetDlgItemTextW
CreateDialogParamW
IsWindow
PostQuitMessage
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
GetWindowDC
SetMenuItemInfoW
IsIconic
ShowWindowAsync
SystemParametersInfoW
EnumWindows
SetClassLongW
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadIconW
SetWindowPlacement
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
FrameRect
ClientToScreen
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
DestroyIcon
LoadImageW
EnumDisplaySettingsW
GetDC
ReleaseDC
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
LoadStringW
RegisterClassW

gdi32

SetMapMode
Polyline
SelectObject
SetBkColor
SetBkMode
SetTextColor
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx
SetROP2
SaveDC
RestoreDC
Rectangle
LineTo
ExtTextOutW
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
RectInRegion
SelectClipRgn
SetTextAlign

comdlg32

FindTextW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseFontW

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeNameW
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetKernelObjectSecurity
CreateProcessAsUserW
RegConnectRegistryW
FlushTraceW
ConvertSidToStringSidW
LsaEnumerateAccountRights
RegCloseKey
LsaOpenPolicy
LsaClose
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
SetTokenInformation
QueryServiceConfigW
CopySid
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
GetLengthSid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
StartServiceW
QueryServiceStatus
FreeSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

ole32

CoGetInterfaceAndReleaseStream
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree

oleaut32

SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound

winhttp

WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpWriteData

psapi

GetModuleFileNameExW

Sections

.text
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

437a32d267729d488159d2bd5a001700

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:ccCertificate

Extended Key Usages

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

82:94:0e:33:fc:69:64:53:ad:bc:cc:95:e7:12:5f:5f:ef:3f:63:21:1b:af:c7:9a:81:a5:14:c3:78:76:70:18Signer

05:e8:a4:83:c1:ef:5e:36:76:72:7c:33:fb:41:e8:dc:49:c3:cc:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

mpr

comctl32

version

credui

setupapi

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

psapi

Sections

.text Size: 746KB - Virtual size: 745KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 36KB - Virtual size: 182KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 49KB - Virtual size: 49KB

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

82:94:0e:33:fc:69:64:53:ad:bc:cc:95:e7:12:5f:5f:ef:3f:63:21:1b:af:c7:9a:81:a5:14:c3:78:76:70:18
Signer

05:e8:a4:83:c1:ef:5e:36:76:72:7c:33:fb:41:e8:dc:49:c3:cc:0a
Signer

.text
Size: 746KB - Virtual size: 745KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 36KB - Virtual size: 182KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 49KB - Virtual size: 49KB