ProximityUxHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ProximityUxHost.exe
Size

227KB
MD5

b765418464a273d6c1122f54aae20a3a
SHA1

710ff1952e0ba21c73a635fcbd57f357877849b6
SHA256

70ee182597dd295af5ca1d47e1ae2ef03e14cb21dec1ae1acd415938102b93da
SHA512

8b911d84f8ff3fca02fa502c80454b777443885675a06a4896713fef53320913cf36ab41be993ce325952ccd06ae81f9a2f6ea5475ba452d2499f50ab2da3657
SSDEEP

3072:EeYZoXSK+erS1g7UPx+4PeEKh7aq9n4443BXm+8tfnaB/v6FgzP5S:EjV0h2q43BXm+8xn0MgzhS

Score

1^/10

Malware Config

Signatures

Files

ProximityUxHost.exe
.exe windows:10 windows x86

3900aff9e004ca28350339d93c692287

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:92:9b:82:73:3f:cd:6c:bb:67:df:52:fd:e2:cb:47:94:d7:5e:1a:e9:d0:e1:b8:76:b2:08:87:80:03:32:bf
Signer

Actual PE Digest

18:92:9b:82:73:3f:cd:6c:bb:67:df:52:fd:e2:cb:47:94:d7:5e:1a:e9:d0:e1:b8:76:b2:08:87:80:03:32:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
qsort_s
rand
srand
_except_handler4_common
_controlfp
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_wcmdln
__setusermatherr
__p__fmode
_cexit
_exit
exit
wcsrchr
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
memcpy_s
malloc
memcpy
memcmp
__p__commode
_XcptFilter
_initterm
free
_callnewh
memset

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-synch-l1-2-0

CreateEventExW
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
SetEvent
InitOnceComplete
ResetEvent
CreateEventW
LeaveCriticalSection
CreateSemaphoreExW
EnterCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
TryEnterCriticalSection
CreateMutexExW
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockShared
CreateMutexW

api-ms-win-core-com-l1-1-1

CoGetApartmentType
CoCreateFreeThreadedMarshaler
PropVariantClear
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoWaitForMultipleHandles
CoTaskMemAlloc
CoGetMalloc
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
RoGetAgileReference
CoInitializeEx
CoEnableCallCancellation
CoUninitialize
CoCancelCall
CoDisableCallCancellation

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHSetThreadRef
SHCreateThread

api-ms-win-core-processthreads-l1-1-2

TlsSetValue
TlsFree
GetCurrentThreadId
GetStartupInfoW
TlsGetValue
GetCurrentProcessId
TlsAlloc
GetCurrentProcess
TerminateProcess
CreateThread

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories
RoUninitialize
RoGetActivationFactory
RoActivateInstance
RoInitialize

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWrite
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
SetRestrictedErrorInfo
RoGetMatchingRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateStringReference

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FindResourceExW
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleA
LockResource

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

proximitycommon

ord20
ord21
ord22
ord24

proximityservicepal

PAL_RegisterConsoleDisplayStateNotifications
PAL_UnregisterConsoleDisplayStateNotifications

gdi32

D3DKMTNetDispQueryMiracastDisplayDeviceSupport

user32

LoadCursorW
DispatchMessageW
SetCursor
GetMessageW
TranslateMessage
PostMessageW
PostThreadMessageW
IsWindowVisible
SendMessageW
DefWindowProcW
SetForegroundWindow
PostQuitMessage
GetWindowLongW
DestroyWindow
PeekMessageW
KillTimer
LoadStringW
SetTimer
MsgWaitForMultipleObjectsEx

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-appmodel-runtime-l1-1-1

GetPackagesByPackageFamily

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW

api-ms-win-shlwapi-winrt-storage-l1-1-0

IUnknown_GetWindow
SHCreateWorkerWindowW
AssocQueryStringW

api-ms-win-core-file-l1-2-1

WriteFile
GetTempPathW
CreateFileW
RemoveDirectoryW

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-devices-query-l1-1-1

DevCloseObjectQuery
DevGetObjectPropertiesEx
DevFreeObjectProperties
DevCreateObjectQuery
DevCreateObjectQueryFromId

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
PowerClearRequest

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

bcrypt

BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptEncrypt
BCryptGenRandom

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
CallbackMayRunLong
CloseThreadpoolTimer

ws2_32

ntohl
ntohs

shell32

SHCreateItemInKnownFolder
ShellExecuteExW
SHCreateAssociationRegistration

ole32

CoAllowSetForegroundWindow

propsys

PropVariantToStringAlloc

dwmapi

DwmGetWindowAttribute

deviceassociation

DafCloseChallengeContext
DafSelectCeremony
DafStartRemoveAssociation
DafCreateAssociationContext
DafCloseAssociationContext
DafMemFree
DafStartEnumCeremonies
DafStartReadCeremonyData
DafCreateChallengeContext
DafStartDeviceStatusNotification
DafStartFinalize
DafCreateAssociationContextFromOobBlob
DafChallengeDevicePresence

opcservices

ord4
ord7

dui70

?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?CreateInt@Value@DirectUI@@SGPAV12@HW4DynamicScaleValue@@@Z
?GetClassInfoPtr@ModernProgressBar@DirectUI@@SGPAUIClassInfo@2@XZ
?StateProp@ModernProgressBar@DirectUI@@SGPBUPropertyInfo@2@XZ
?PositionProp@ModernProgressBar@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetRoot@Element@DirectUI@@QAEPAV12@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?DeterminateProp@ModernProgressBar@DirectUI@@SGPBUPropertyInfo@2@XZ
DuiCreateObject
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?AccessibleProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?VisibleProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AAEXXZ
StrToID
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?Click@TouchButton@DirectUI@@SG?AVUID@@XZ
?CreateBool@Value@DirectUI@@SGPAV12@_N@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord237

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveBackslashW

api-ms-win-core-url-l1-1-0

UrlUnescapeW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3900aff9e004ca28350339d93c692287

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

18:92:9b:82:73:3f:cd:6c:bb:67:df:52:fd:e2:cb:47:94:d7:5e:1a:e9:d0:e1:b8:76:b2:08:87:80:03:32:bfSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

proximitycommon

proximityservicepal

gdi32

user32

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-shlwapi-winrt-storage-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-shell-shellfolders-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-mm-playsound-l1-1-0

api-ms-win-devices-query-l1-1-1

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-shcore-stream-l1-1-0

bcrypt

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-l1-2-0

ws2_32

shell32

ole32

propsys

dwmapi

deviceassociation

opcservices

dui70

api-ms-win-shlwapi-winrt-storage-l1-1-1

api-ms-win-rtcore-ntuser-private-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-url-l1-1-0

Sections

.text Size: 182KB - Virtual size: 182KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 14KB - Virtual size: 13KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

18:92:9b:82:73:3f:cd:6c:bb:67:df:52:fd:e2:cb:47:94:d7:5e:1a:e9:d0:e1:b8:76:b2:08:87:80:03:32:bf
Signer

.text
Size: 182KB - Virtual size: 182KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 14KB - Virtual size: 13KB