CredentialUIBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CredentialUIBroker.exe
Size

170KB
MD5

bd7b6d1e03dee92bf86ed7481ede59a0
SHA1

c31126e9292670bb7396c9b95ba3260974b7a933
SHA256

2dcf110e73e5fc6dadeef47d3af597c3582135ba97b2ae1cf94de329d1d65fe6
SHA512

e569dfad9195ff19098338fcd90e20a58fee428a8e9d4e83014e231c4d5ea00ba4dfec0792cc039f38b09936ae63d67ab9e462e230f92bfaa15373342079dc2e
SSDEEP

3072:Dukl9RJsi/unl/OzwDSBYSVMldLSwX1XO3QV4jUOyYuyOUbG9jNgI/Ul:Dukl9RJsi/ungzwDAqLSwXVO3QV44OrX

Score

1^/10

Malware Config

Signatures

Files

CredentialUIBroker.exe
.exe windows:10 windows x64 arch:x64

63de4429b0797481145bd1b3583a0823

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:a2:2f:01:94:4c:56:43:ef:2c:d1:c5:f2:22:b8:df:04:e2:96:65:88:bd:d1:47:58:06:98:5f:c9:f7:90:94
Signer

Actual PE Digest

72:a2:2f:01:94:4c:56:43:ef:2c:d1:c5:f2:22:b8:df:04:e2:96:65:88:bd:d1:47:58:06:98:5f:c9:f7:90:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventActivityIdControl
GetTokenInformation
EventUnregister
RegGetValueW
RegOpenKeyExW
CheckTokenMembership
OpenProcessToken
RegEnumKeyExW
EventSetInformation
AllocateAndInitializeSid
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey

kernel32

GetModuleFileNameA
FindStringOrdinal
InitOnceBeginInitialize
InitOnceExecuteOnce
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
RegisterWaitForSingleObject
GetModuleHandleExW
UnregisterWait
GetProcessId
EncodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
OpenEventW
ReleaseMutex
OpenProcess
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
CreateThread
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
QueryFullProcessImageNameW
DebugBreak
IsDebuggerPresent
DelayLoadFailureHook
ResolveDelayLoadedAPI
GlobalGetAtomNameW

user32

GetMessageW
GetWindowThreadProcessId
GetWindowRect
ord2521
GetWindowBand
IsWindow
IsWindowVisible
GetPropW
GetDesktopWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
PostThreadMessageW
GetShellWindow

msvcrt

free
exit
_amsg_exit
memcmp
_callnewh
malloc
wcschr
_exit
__set_app_type
_initterm
__wgetmainargs
_cexit
__setusermatherr
memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
memmove_s
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_XcptFilter
memset

shlwapi

SHSetThreadRef

api-ms-win-core-com-l1-1-0

CoAddRefServerProcess
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoTaskMemRealloc
CoGetCallContext
CoReleaseServerProcess
CoResumeClassObjects

oleaut32

SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCreateString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoInitialize
RoRevokeActivationFactories
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsParentOfChildAppContainer

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63de4429b0797481145bd1b3583a0823

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

72:a2:2f:01:94:4c:56:43:ef:2c:d1:c5:f2:22:b8:df:04:e2:96:65:88:bd:d1:47:58:06:98:5f:c9:f7:90:94Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

ntdll

Sections

.text Size: 100KB - Virtual size: 98KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 6KB

.didat Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 936B

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

72:a2:2f:01:94:4c:56:43:ef:2c:d1:c5:f2:22:b8:df:04:e2:96:65:88:bd:d1:47:58:06:98:5f:c9:f7:90:94
Signer

.text
Size: 100KB - Virtual size: 98KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 6KB

.didat
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 936B