C:\Users\David\Documents\Visual Studio 2010\Projects\Explorer++ 1.3.5 (Tag - DON'T UPDATE)\Explorer++\Explorer++\x64\Release\Explorer++.pdb
Sample
Explorer (1).exe
Resource
win10v2004-20231215-en
General
Target
Explorer (1).exe
Size
1.8MB
MD5
e18e3e97006f26595b73a76ff9836fa9
SHA1
e43b33f3ef1183b43df1496cbbabd456afd50b75
SHA256
1e2ac076bd8af7d01eed4476d0d10472a4aa31bc5f1b41364d97af674b115db3
SHA512
a4a620b8e64867b43ac1a6589d0265d92dc3ed682e66d5b9ef9e3bb50ba9c5cb8a07ff20be7ccc6d48690903ea84dda94138a56b57c3fd260aee53c571307469
SSDEEP
24576:h6k7pOBF4uXElXx9xK9efv35/TPh3caSKs/hkz2Z9eOeOp8lQ/8leeRVOljoZ:hR7pOBFoD9xK9efPhJbS3hZrp8ekVO8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Explorer (1).exe
Files
Explorer (1).exe.exe windows:5 windows x64 arch:x64
9cc532aaeadf1bf53d5b2f8cabc76755
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
shell32
SHFreeNameMappings
ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW
SHBindToParent
ord23
ord2
SHGetFolderLocation
ord16
ord17
ord18
SHGetDesktopFolder
ord727
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ord152
SHGetFileInfoW
ord25
SHGetFolderPathW
ord71
DragQueryFileW
SHFileOperationW
gdiplus
GdipCreatePath
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeletePath
GdipGetAllPropertyItems
GdipGetPropertySize
GdipSetPathGradientCenterColor
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipAddPathRectangleI
GdipCreatePathGradientFromPath
GdiplusShutdown
GdipSetPathGradientCenterPointI
GdipCloneImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipDisposeImage
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipCreatePen1
GdipDeletePen
GdiplusStartup
GdipDrawLineI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
shlwapi
StrCatW
PathStripPathW
PathRemoveExtensionW
PathIsDirectoryW
StrRetToBufW
PathStripToRootW
StrChrW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
StrCmpLogicalW
PathCombineW
StrCmpW
PathIsUNCW
PathIsRootW
SHDeleteKeyW
PathRemoveBlanksW
StrCmpIW
PathIsSameRootW
SHAutoComplete
PathRemoveBackslashW
PathRenameExtensionW
SHStrDupW
PathIsRelativeW
PathIsURLW
PathCanonicalizeW
psapi
GetModuleFileNameExW
mpr
WNetGetUniversalNameW
uxtheme
SetWindowTheme
winmm
PlaySoundW
kernel32
GetSystemTime
GetModuleHandleW
SetLastError
DeactivateActCtx
GetLastError
LoadLibraryW
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
lstrlenW
GlobalLock
GlobalUnlock
lstrcmpiW
GetFileAttributesExW
GetLogicalDriveStringsW
lstrcmpW
InitializeCriticalSection
GetVersionExW
FreeLibrary
CreateThread
SetThreadPriority
CloseHandle
DeleteCriticalSection
CreateFileW
GetFileSizeEx
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeW
GetCurrentDirectoryW
GetComputerNameW
MultiByteToWideChar
GlobalMemoryStatusEx
GetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeInformationW
SleepEx
QueueUserAPC
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
SetCurrentDirectoryW
GetLocaleInfoW
SetFileAttributesW
SetFileTime
WideCharToMultiByte
GlobalAlloc
CreateMutexW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineW
SetUnhandledExceptionFilter
OpenProcess
GetFullPathNameW
GetCurrentDirectoryA
GetProcessHeap
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
CreateFileA
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
HeapSize
HeapCreate
GetVersion
HeapSetInformation
GetStdHandle
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetTimeFormatA
GetDateFormatA
GetStartupInfoW
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
EncodePointer
Sleep
GetStringTypeW
CompareFileTime
ResetEvent
GetCurrentThread
CancelIo
ReadDirectoryChangesW
SetEvent
SetErrorMode
WaitForSingleObject
CreateEventW
ExitThread
GlobalSize
DeleteFileW
CreateHardLinkW
LocalFileTimeToFileTime
CreateDirectoryW
CompareStringW
LCMapStringW
FlushFileBuffers
SetFileValidData
SetEndOfFile
SetFilePointerEx
GetDiskFreeSpaceW
SetFilePointer
GetFileInformationByHandle
GetUserDefaultLangID
GlobalFree
LocalFree
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileSize
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyW
GetTickCount
FormatMessageA
user32
UnregisterDeviceNotification
GetSysColorBrush
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
SetRect
DrawIconEx
RedrawWindow
EndPaint
BeginPaint
GetUpdateRect
RegisterClassW
DrawTextW
DrawEdge
GetMenuState
FrameRect
GetSysColor
GetTabbedTextExtentW
GetMenuStringW
SystemParametersInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableMenuItem
CreateDialogParamW
RegisterDeviceNotificationW
AppendMenuW
wsprintfW
LoadImageW
SendMessageW
LoadBitmapW
LoadAcceleratorsW
SetWindowPlacement
GetSystemMetrics
FindWindowW
RegisterClipboardFormatW
CopyIcon
FindWindowExW
WindowFromPoint
GetCapture
SetCapture
ReleaseCapture
UnregisterClassW
GetClassLongPtrW
GetMenuBarInfo
PrintWindow
IsWindowVisible
IsIconic
RegisterClassExW
CreateWindowExW
SendDlgItemMessageW
SetTimer
ShowWindow
GetWindowPlacement
EnableWindow
GetCursorPos
DestroyWindow
ChangeClipboardChain
MoveWindow
SetClipboardViewer
SetMenu
RegisterWindowMessageW
IsClipboardFormatAvailable
PostMessageW
ClientToScreen
IntersectRect
UpdateWindow
SetMenuInfo
CreatePopupMenu
GetMenuItemID
DefWindowProcW
SetWindowLongPtrW
PostQuitMessage
LoadCursorW
SetCursor
TrackPopupMenu
LoadMenuW
DestroyMenu
SetForegroundWindow
GetKeyState
CallWindowProcW
PtInRect
ReleaseDC
GetDC
GetWindowLongPtrW
GetIconInfo
CheckMenuItem
CheckMenuRadioItem
GetWindowLongW
GetFocus
GetDlgItemInt
SetDlgItemInt
LoadIconW
SetClassLongPtrW
FillRect
GetClientRect
InvalidateRect
InsertMenuW
CreateMenu
GetMenuItemCount
GetMessagePos
SetMenuItemInfoW
GetSubMenu
GetMenu
DeleteMenu
GetMenuItemInfoW
InsertMenuItemW
GetWindowTextW
CheckDlgButton
MessageBoxW
ScreenToClient
InflateRect
MapWindowPoints
OffsetRect
GetWindowRect
DialogBoxParamW
IsDlgButtonChecked
GetWindowTextLengthW
SetWindowPos
SetFocus
SetWindowTextW
DestroyIcon
GetDlgItem
EndDialog
GetParent
SetDlgItemTextW
GetDlgItemTextW
LoadStringW
KillTimer
gdi32
TextOutW
CreateCompatibleBitmap
BitBlt
DeleteDC
StretchBlt
SetBrushOrgEx
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetBitmapDimensionEx
SetBitmapDimensionEx
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
CreateFontW
GetStockObject
SetBkMode
SetTextColor
CreateSolidBrush
DeleteObject
advapi32
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyA
RegQueryValueExA
CryptGenRandom
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
GetSecurityInfo
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
ole32
OleFlushClipboard
OleIsCurrentClipboard
CoUninitialize
CLSIDFromString
OleSetClipboard
OleDuplicateData
StgCreateStorageEx
CoInitializeEx
OleGetClipboard
DoDragDrop
CoTaskMemFree
RegisterDragDrop
CoCreateInstance
ReleaseStgMedium
RevokeDragDrop
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
iphlpapi
GetAdaptersAddresses
userenv
ExpandEnvironmentStringsForUserW
comctl32
ord410
ord412
ord413
ImageList_Draw
winspool.drv
GetPrinterW
OpenPrinterW
ClosePrinter
comdlg32
GetSaveFileNameW
Sections
.text Size: 989KB - Virtual size: 988KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 241KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 448KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ