SearchProtocolHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SearchProtocolHost.exe
Size

337KB
MD5

7b8a9bca160593fcc090b7d39e93dd6d
SHA1

9c7757bd858fa51ae302fe9e4d436d2db59bbfc9
SHA256

d6ee481af07b0dc5a5754240127bec2c13e0b391d1c7285992de997d38d8dd6e
SHA512

fe8ef1ec4b6ad4d232939210a096f5f709311c9cc662ffde29cc10366bc37df26afe3c23538bed50488e8e8e0d44dd8c2ceade6bc891de8825b82e78959f8b8e
SSDEEP

6144:wgBsbQ6PtK7u9dcEo77/7dKpHVXqKOyIkU94rkR10efUK3:wgBiQ6lK7ui4pHVXgB94Qztf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchProtocolHost.exe

Files

SearchProtocolHost.exe
.exe windows:10 windows x86 arch:x86

994f18cb9978574a2203372470f204bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchProtocolHost.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_set_error_mode
_initterm

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

api-ms-win-crt-private-l1-1-0

_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o__wtoi
_o__wtol
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strerror
_o_terminate
_o_wcsncpy_s
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__cexit
_o__callnewh
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o___p__commode
_o___p___wargv
_o___p___argc
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__exit
__std_terminate
wcschr
__CxxFrameHandler3
memcmp
memcpy
_o__wcsicmp

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventEnabled

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RevertToSelf
GetAclInformation
DeleteAce
EqualPrefixSid
SetSecurityDescriptorOwner
GetAce
CreateWellKnownSid
GetTokenInformation
SetSecurityDescriptorGroup
MakeSelfRelativeSD
AddAccessAllowedAce
CopySid
GetSecurityDescriptorLength
GetLengthSid
InitializeAcl
ImpersonateLoggedOnUser
IsValidSid
AddAce
SetSecurityDescriptorSacl
InitializeSecurityDescriptor

oleaut32

GetErrorInfo
VarUI4FromStr
CreateErrorInfo
SysFreeString
SysStringLen
SetErrorInfo
SysAllocString

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetModuleHandleW
LoadStringW
GetModuleFileNameA
GetModuleHandleExA
GetModuleFileNameW
SizeofResource
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
GetProcAddress

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-core-errorhandling-l1-1-1

AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
PropVariantCopy
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
PropVariantClear
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
CoTaskMemFree
CoDisconnectObject
CoTaskMemRealloc
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
ResolveLocaleName
GetSystemDefaultLCID
GetLocaleInfoEx
FormatMessageW
LCMapStringW
LocaleNameToLCID

api-ms-win-core-synch-l1-1-0

ResetEvent
InitializeSRWLock
CreateEventExW
ReleaseSemaphore
CreateEventW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateSemaphoreExW
ReleaseMutex
CreateWaitableTimerExW
SetWaitableTimerEx
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
WaitForSingleObject
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
TryAcquireSRWLockExclusive
OpenEventW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetErrorMode
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext

api-ms-win-core-handle-l1-1-0

DuplicateHandle
GetHandleInformation
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
SetPriorityClass
CreateThread
GetCurrentProcessId
TerminateProcess
OpenThreadToken
GetCurrentThread
GetProcessTimes
OpenProcessToken

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription
SetProcessInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
ReadProcessMemory
WriteProcessMemory

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromIDList
SHParseDisplayName
ILFree

ntdll

RtlGetPersistedStateLocation
RtlNtStatusToDosError
NtCreateSection
RtlAppendUnicodeToString
NtMapViewOfSection
RtlAppendUnicodeStringToString
NtQueryInformationProcess
NtClose
RtlStringFromGUIDEx
NtCreateFile
RtlIsStateSeparationEnabled
NtCreateCrossVmEvent
RtlFreeUnicodeString
RtlQueryPackageClaims
RtlReportException

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
IsProcessorFeaturePresent
GetThreadTimes

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

shcore

ord107

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-file-l1-1-0

GetFileSize
UnlockFile
LockFile
DeleteFileW
FlushFileBuffers
GetFileTime
SetEndOfFile
SetFilePointer
WriteFile
CreateFileW
ReadFile

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

994f18cb9978574a2203372470f204bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-shell-namespace-l1-1-0

ntdll

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

shcore

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-localization-l1-2-2

api-ms-win-core-libraryloader-l1-2-1

Sections

.text Size: 225KB - Virtual size: 225KB

.data Size: 3KB - Virtual size: 5KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 225KB - Virtual size: 225KB

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 11KB - Virtual size: 11KB