procexp 16[.]21支持win7[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

procexp 16.21支持win7.exe
Size

2.5MB
MD5

f521d77ed0f1b9e61cf6ca52f74af924
SHA1

82df1881cdd78449a05548d487d9b093c4aecb72
SHA256

865d1fa7e7752020f16eba65f3fcb632d7b260bb8141b1f1dd61bf93e445549b
SHA512

fee8d6ad7a49ae4b780af223268d8169ecdee13f9a71773c982b48f96e0a3e19af2ae1c298aac3977d0898aaa90a7e6880f4216a173236310eef06ea511dbe3c
SSDEEP

24576:aISc2BFYRtiY+u7VPqmEQkQUsjdJgZHeZlGQbrht/TSWqJNG4WLbVDeupgWfyqBZ:aISc2oiZuZ1fJeeZkGLOWnVDPj7Om3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
procexp 16.21支持win7.exe

Files

procexp 16.21支持win7.exe
.exe windows:5 windows x86 arch:x86

437a32d267729d488159d2bd5a001700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

ColorHLSToRGB
ColorRGBToHLS
ord176
UrlUnescapeW

ws2_32

ntohl
htonl
htons
gethostbyaddr
getservbyport
WSAStartup
ntohs

mpr

WNetGetConnectionW

comctl32

ImageList_Create
CreateStatusWindowW
CreatePropertySheetPageW
ord410
ord8
ord413
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ord17
PropertySheetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

kernel32

VirtualQueryEx
GetProcessAffinityMask
GetCurrentProcessId
SetThreadAffinityMask
SetFilePointer
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GetEnvironmentVariableW
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
IsProcessorFeaturePresent
RtlUnwind
IsDebuggerPresent
EncodePointer
GetStringTypeW
lstrlenA
lstrcmpiW
lstrcmpW
ReadProcessMemory
OpenEventW
SetLastError
IsBadStringPtrW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
DeleteCriticalSection
Module32NextW
Module32FirstW
TerminateThread
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
FindResourceExW
FindResourceW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetCommandLineW
GetFileType
LocalAlloc
FormatMessageW
GlobalAddAtomW
GetTickCount
MulDiv
GetFileSizeEx
GetExitCodeThread
CreateThread
CreateEventW
WaitForMultipleObjects
WaitForSingleObject
SetEvent
EnterCriticalSection
GetCurrentThread
LeaveCriticalSection
FindNextFileW
FindClose
MultiByteToWideChar
GetModuleHandleW
ReadFile
LoadLibraryExW
FreeLibrary
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateFileW
GetFullPathNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
CreateFileMappingW
TlsSetValue
TlsAlloc
lstrlenW
UnmapViewOfFile
MapViewOfFile
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
WriteFile
GetStdHandle
GetFileSize
Sleep
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
LocalFree
GetVersion
GetProcAddress
InterlockedDecrement
InterlockedIncrement
TlsGetValue
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA

user32

CopyImage
GetWindow
GetDesktopWindow
KillTimer
MsgWaitForMultipleObjects
GetDlgCtrlID
CheckRadioButton
SendMessageTimeoutW
PeekMessageW
GetUserObjectSecurity
SetUserObjectSecurity
IsDialogMessageW
DrawIconEx
CheckMenuRadioItem
WindowFromPoint
RedrawWindow
TrackPopupMenu
RemoveMenu
CreateMenu
DrawMenuBar
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
IsWindowEnabled
GetDlgItemTextW
CreateDialogParamW
IsWindow
PostQuitMessage
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetMessageW
DrawEdge
RegisterWindowMessageW
GetWindowDC
SetMenuItemInfoW
IsIconic
ShowWindowAsync
SystemParametersInfoW
EnumWindows
SetClassLongW
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadIconW
SetWindowPlacement
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
FrameRect
ClientToScreen
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
DestroyIcon
LoadImageW
EnumDisplaySettingsW
GetDC
ReleaseDC
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
LoadStringW
RegisterClassW

gdi32

SetMapMode
Polyline
SelectObject
SetBkColor
SetBkMode
SetTextColor
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx
SetROP2
SaveDC
RestoreDC
Rectangle
LineTo
ExtTextOutW
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
RectInRegion
SelectClipRgn
SetTextAlign

comdlg32

FindTextW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseFontW

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeNameW
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetKernelObjectSecurity
CreateProcessAsUserW
RegConnectRegistryW
FlushTraceW
ConvertSidToStringSidW
LsaEnumerateAccountRights
RegCloseKey
LsaOpenPolicy
LsaClose
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
SetTokenInformation
QueryServiceConfigW
CopySid
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
GetLengthSid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
StartServiceW
QueryServiceStatus
FreeSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

ole32

CoGetInterfaceAndReleaseStream
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree

oleaut32

SafeArrayGetLBound
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound

winhttp

WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpWriteData

psapi

GetModuleFileNameExW

Sections

.text
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

437a32d267729d488159d2bd5a001700

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

mpr

comctl32

version

credui

setupapi

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

psapi

Sections

.text Size: 746KB - Virtual size: 745KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 36KB - Virtual size: 182KB

.rsrc Size: 1.5MB - Virtual size: 1.6MB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 746KB - Virtual size: 745KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 36KB - Virtual size: 182KB

.rsrc
Size: 1.5MB - Virtual size: 1.6MB

.reloc
Size: 49KB - Virtual size: 49KB