EaseOfAccessDialog[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EaseOfAccessDialog.exe
Size

336KB
MD5

25779734eb7c795a7954140768dfdaad
SHA1

757eda3776e6e1da80a51c3a10b8ddb41cd531aa
SHA256

fe67ba13cd09a6dd26f70e123c65f7cb7d0d2762ab52ea3dcb13b015656f579e
SHA512

7a03ec8fb0d159c2aa099eede35b3d55e9dfda16db13a11165b0917cbb423e0bded422ed6b1c78b2d2755ad2ef8e75b57944fc1ca9e2ed6fc7c68c9fa1122e07
SSDEEP

3072:7ZJT7Ede0Biul0Zavht1sJp5uQwrnWdluNhlvA2aPjR+nne5v7EUeIZ+n+Av7EUq:7nT7EzBiuwe1sJp5JspA2mPKcvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EaseOfAccessDialog.exe

Files

EaseOfAccessDialog.exe
.exe windows:10 windows x64 arch:x64

edd96c3dae8ec66b1693f69ca5866bad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventRegister
EventUnregister
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
TraceMessage
RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
EventSetInformation
EventWriteTransfer
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegLoadMUIStringW

kernel32

InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
ExpandEnvironmentStringsW
GetLocaleInfoEx
CompareStringOrdinal
InitOnceComplete
LoadLibraryW
InterlockedPushEntrySList
OpenMutexW
MulDiv
LocalFree
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
GetFileAttributesW
DeleteFileW
K32EnumProcesses
ProcessIdToSessionId
K32EnumProcessModules
LoadResource
FindResourceExW
LockResource
MultiByteToWideChar
CreateMutexW
GetProductInfo
SizeofResource
RaiseException
HeapSetInformation
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
GetThreadPreferredUILanguages
GetModuleFileNameA
AcquireSRWLockExclusive
CloseThreadpoolTimer
FreeLibrary
OpenJobObjectW
IsProcessInJob
CreateEventW
SetEvent
OOBEComplete
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
InitializeCriticalSectionAndSpinCount
ResetEvent
K32GetModuleBaseNameW

user32

MessageBoxW
SetWindowTextW
SetWindowPos
LoadStringW
SystemParametersInfoW
SetFocus
GetFocus
GetWindowRect
GetWindowLongW
AdjustWindowRectExForDpi
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
PostMessageW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
MoveWindow
IsWindow
CreateWindowExW
RegisterClassExW
MonitorFromWindow
GetMonitorInfoW
GetDpiForWindow
SetForegroundWindow
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendInput
GetThreadDesktop
SetTimer
GetUserObjectInformationW
KillTimer
UnregisterClassA
LoadIconW

api-ms-win-crt-string-l1-1-0

wcscspn
memmove_s
wcscmp
memset
strncmp
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsrchr
wcschr
wcsstr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove

ntdll

RtlCaptureContext
WinSqmIncrementDWORD
NtQueryWnfStateData
WinSqmIsOptedIn
WinSqmAddToStream
RtlVirtualUnwind
RtlLookupFunctionEntry

oleacc

AccessibleObjectFromWindow

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoInitialize

oleaut32

SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
GetErrorInfo

shell32

ShellExecuteW

shcore

IsProcessInIsolatedContainer

dui70

InitProcessPriv
InitThread
?Create@NativeHWNDHost@DirectUI@@SAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@IPEAPEAV12@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
StartMessagePump
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
UnInitThread
UnInitProcessPriv
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
??1DUIFactory@DirectUI@@QEAA@XZ
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetClassInfoPtr@CCPushButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID

dwmapi

DwmSetWindowAttribute

msvcp_win

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edd96c3dae8ec66b1693f69ca5866bad

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

oleacc

ole32

oleaut32

shell32

shcore

dui70

dwmapi

msvcp_win

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 116KB - Virtual size: 114KB

.data Size: 8KB - Virtual size: 7KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 856B

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 116KB - Virtual size: 114KB

.data
Size: 8KB - Virtual size: 7KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 856B