XpsRchVw.pdb
Static task: static1
Behavioral task: behavioral1
Sample: xpsrchvw.exe
Resource: win10-20240214-en
General
Target: xpsrchvw.exe
Size: 4.1MB
MD5: ef98f65ec9fe15054923c042c440f220
SHA1: 0402598a0535813379d0b04fa7da323edcf58b01
SHA256: c8b864706ca79a7d7e9f4908cc7634154774dcfe47cf2a8abe9e9d91fa601478
SHA512: 3e8dd379fbc4c8e61af83f53c806e4e439febbed82ddc28fee7dd7d293ef61157cd7a878cec7483dddbc8cb90e429e8a91362f52bbe2dfcf381c5348c641c91c
SSDEEP: 49152:p9EsPOrHKeUxpt5i744MQFWMDh2uExPmRukwrl9isaXf6MXMTLxaQKnFibRHQiPc:p9Foh8xuNfFlyctaQMw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource xpsrchvw.exe
Files
-
xpsrchvw.exe.exe windows:10 windows x64 arch:x64
afb9653b443b00eb7329a247ceff95fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
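The DllCharacteristics and File Characteristics flags above, and the "Unsigned PE" signature earlier on this page, both come straight out of the PE optional header. The following is an added example (not the sandbox's own code) that decodes those flags with the standard library only and applies the same condition the signature describes: an empty IMAGE_DIRECTORY_ENTRY_SECURITY entry, which means no embedded Authenticode signature. The in-memory sample image is constructed here (headers only, no sections) using the flag set this report shows; the flag names, bit values and header offsets are the documented PE ones, everything else (function names, the "expected mitigations" list) is this example's own choice.

```python
"""Decode PE DllCharacteristics / File Characteristics and check for an
embedded Authenticode signature (IMAGE_DIRECTORY_ENTRY_SECURITY size != 0).

Added example; not code from the sandbox report. Standard library only."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# Flags a reviewer expects on a modern x64 user-mode binary (this example's list):
# ASLR, DEP, CFG and 64-bit ASLR entropy.
EXPECTED_MITIGATIONS = (0x0040, 0x0100, 0x4000, 0x0020)


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Return decoded header flags plus whether a certificate table is present."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _psym, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+ (x64): data directories start at offset 112
        dd_off = 112
    elif magic == 0x10B:      # PE32 (x86): data directories start at offset 96
        dd_off = 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # Subsystem (68) and DllCharacteristics (70) sit at the same offsets in
    # PE32 and PE32+; only the directories move because ImageBase/stack/heap grow.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY and opt_size >= dd_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1):
        # For the security directory the first field is a raw file offset, not an
        # RVA: the WIN_CERTIFICATE table is never mapped into memory.
        _cert_off, cert_size = struct.unpack_from("<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "file_characteristics": _flag_names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flag_names(dll_chars, DLL_CHARACTERISTICS),
        "has_authenticode": cert_size != 0,
        "missing_mitigations": [DLL_CHARACTERISTICS[b] for b in EXPECTED_MITIGATIONS if not dll_chars & b],
    }


def build_sample_pe(dll_chars: int, file_chars: int, cert_size: int = 0, magic: int = 0x20B) -> bytes:
    """Constructed test image: DOS header + PE signature + COFF + optional header, no sections."""
    dd_off = 112 if magic == 0x20B else 96
    opt_size = dd_off + 16 * 8                       # 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew
    machine = 0x8664 if magic == 0x20B else 0x014C   # AMD64 / I386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dd_off - 4, 16)      # NumberOfRvaAndSizes
    total = len(dos) + 4 + len(coff) + opt_size
    if cert_size:
        # Point the security directory at an opaque placeholder blob appended below.
        struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, total, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * cert_size


if __name__ == "__main__":
    # Flag set shown in this report: HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|GUARD_CF|TERMINAL_SERVER_AWARE
    # and EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE, with an empty security directory.
    info = parse_pe(build_sample_pe(0x0020 | 0x0040 | 0x0100 | 0x4000 | 0x8000, 0x0002 | 0x0020))
    for key, value in info.items():
        print(f"{key}: {value}")
```

`has_authenticode` being False is exactly what "Unsigned PE" reports, but it only says there is no embedded signature block. Binaries shipped with Windows are commonly signed through catalog files rather than an embedded certificate, so an empty security directory is not on its own evidence that a file is untrusted; on a Windows host, `signtool verify /a` (which consults the catalog database first) or `Get-AuthenticodeSignature` is the check to run before drawing a conclusion, and a signature that is present still has to chain to a trusted root and cover the file's current hash.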
PDB Paths
Imports
advapi32
TraceMessage
CryptAcquireContextW
CryptGenKey
CryptReleaseContext
CryptDuplicateKey
CryptContextAddRef
CryptDestroyKey
CryptEncrypt
CryptDecrypt
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegFlushKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
CryptSignHashW
CryptCreateHash
RegOpenKeyExW
kernel32
LockResource
GlobalUnlock
GlobalFree
SetEvent
GetExitCodeThread
CreateEventW
GetSystemInfo
CreateThread
ResumeThread
WaitForMultipleObjects
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTickCount
LocalAlloc
LocalFree
GetModuleFileNameW
RaiseFailFastException
GetLongPathNameW
DecodePointer
SizeofResource
FindResourceW
GlobalLock
GlobalAlloc
FlushFileBuffers
FindClose
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
InitOnceComplete
InitOnceBeginInitialize
ReplaceFileW
GetFileAttributesW
SetFileAttributesW
CopyFileW
FindNextFileW
FindFirstFileExW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
LoadResource
EncodePointer
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeExW
CompareStringW
ReleaseSemaphore
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
GetFullPathNameW
Sleep
LoadLibraryW
TerminateProcess
GetCurrentProcess
GetLastError
CloseHandle
GetTempFileNameW
CreateFileW
DuplicateHandle
SetFilePointer
ReadFile
WriteFile
CreateFileA
DeleteFileW
DeleteFileA
GetFileSize
LeaveCriticalSection
InitializeCriticalSectionEx
GetLocaleInfoW
GetStartupInfoW
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
OutputDebugStringA
SystemTimeToFileTime
GetFileSizeEx
GetUserDefaultUILanguage
ResetEvent
GetVersionExW
GetFileInformationByHandle
GetUserDefaultLocaleName
FindNLSStringEx
IsValidLocaleName
CompareStringEx
LocaleNameToLCID
GetSystemDirectoryW
GetDateFormatEx
GetLocalTime
InitializeCriticalSectionAndSpinCount
GetTempPathW
SetFilePointerEx
SearchPathW
GetSystemDefaultUILanguage
FindResourceExW
LoadLibraryExW
LoadLibraryExA
VirtualQuery
IsDebuggerPresent
OutputDebugStringW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetSystemTime
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
CompareStringOrdinal
MulDiv
DebugBreak
SetLastError
CompareFileTime
InitializeCriticalSection
FoldStringW
HeapFree
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
EnterCriticalSection
GetUserDefaultLCID
IsProcessorFeaturePresent
GetModuleHandleA
RaiseException
DeleteCriticalSection
WriteProcessMemory
VirtualProtect
LoadLibraryA
FreeLibrary
GetTempFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileMappingW
GetModuleHandleExW
SetEndOfFile
UnhandledExceptionFilter
gdi32
SetStretchBltMode
StretchBlt
CreateDIBSection
GetCurrentObject
LineTo
MoveToEx
CreatePen
SelectClipRgn
GetRandomRgn
CreateRectRgn
GetWorldTransform
SetWorldTransform
SetGraphicsMode
ExtTextOutW
TextOutW
ExtEscape
RestoreDC
SaveDC
GetTextExtentPoint32W
SetBkMode
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPointW
SelectObject
GetClipBox
DeleteDC
SetBkColor
SetTextColor
CreateICW
CreateFontIndirectW
DeleteObject
GetObjectW
GetDeviceCaps
user32
CreatePopupMenu
GetMenuItemCount
RemoveMenu
CloseClipboard
DrawTextExW
CopyRect
OpenIcon
FlashWindowEx
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
OpenClipboard
EqualRect
UnionRect
IntersectRect
GetDlgItemInt
SetMenu
GetWindowPlacement
SetCursor
IsZoomed
GetForegroundWindow
SetForegroundWindow
AdjustWindowRect
IsIconic
InsertMenuItemW
OffsetRect
MonitorFromRect
SetWindowPlacement
DeleteMenu
GetShellWindow
DrawFrameControl
DrawTextW
RemovePropW
IsWindowEnabled
PtInRect
GetDlgCtrlID
RedrawWindow
IsRectEmpty
GetCapture
ValidateRect
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
SetScrollInfo
GetScrollInfo
ScrollWindowEx
KillTimer
SetTimer
GetUpdateRgn
GetUpdateRect
ClientToScreen
DrawIconEx
GetIconInfo
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
GetDesktopWindow
ScreenToClient
GetCursorPos
CheckMenuRadioItem
InflateRect
SetWindowTextW
SystemParametersInfoW
SetParent
TrackMouseEvent
LoadImageW
IsProcessDPIAware
DestroyIcon
GetPropW
SetPropW
GetSysColorBrush
GetSysColor
IsWindow
MessageBoxW
SetWindowLongW
GetSystemMetrics
GetScrollBarInfo
CheckDlgButton
CallWindowProcW
SendMessageW
MonitorFromWindow
GetMonitorInfoW
GetWindowLongW
GetWindow
GetParent
GetDC
ReleaseDC
IsChild
GetFocus
SetRectEmpty
PostQuitMessage
GetKeyState
DestroyMenu
CallNextHookEx
UnhookWindowsHookEx
CreateWindowExW
SetWindowsHookExW
GetMenuState
GetAncestor
SetWindowLongPtrW
GetWindowLongPtrW
EndPaint
FillRect
BeginPaint
TranslateAcceleratorW
IsDlgButtonChecked
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SendDlgItemMessageW
MessageBeep
EndDialog
GetDlgItemTextW
SetDlgItemTextW
GetMenu
CheckMenuItem
EnableMenuItem
GetMessageTime
GetMessagePos
SetFocus
DialogBoxParamW
EndDeferWindowPos
SetRect
DeferWindowPos
MapWindowPoints
ReleaseCapture
SetCapture
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetMenuItemInfoW
GetWindowRect
IsWindowVisible
BeginDeferWindowPos
GetClientRect
SetWindowPos
InvalidateRect
RegisterClassExW
LoadCursorW
DefWindowProcW
UpdateWindow
LoadMenuW
LoadAcceleratorsW
LoadStringW
ShowWindow
DestroyWindow
PostMessageW
GetSubMenu
TrackPopupMenuEx
EnableWindow
DestroyCursor
LoadIconW
msvcrt
strcmp
sqrtf
sinf
sin
powf
fmodf
floorf
cosf
cos
atanf
atan2f
atan2
acosf
memcpy
_strdup
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
isdigit
isalnum
memcmp
memchr
tolower
islower
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
_wcsdup
memset
ldexp
realloc
abort
__uncaught_exception
isupper
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_unlock
_lock
_errno
setlocale
memmove
tanh
calloc
_CxxThrowException
malloc
_callnewh
towupper
wcstombs
_isnan
iswxdigit
_finite
atol
swprintf_s
wcsncmp
wcstod
_wcsnicmp
bsearch
towlower
wcsstr
isspace
_beginthreadex
?set_terminate@@YAP6AXXZP6AXXZ@Z
wcsncpy_s
_wtoi
_wcsicmp
iswspace
ldiv
_stricmp
mbstowcs
strcspn
sprintf_s
localeconv
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wtol
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
WinSqmAddToStream
netutils
NetApiBufferFree
wkscli
NetGetJoinInformation
comctl32
HIMAGELIST_QueryInterface
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx
ord381
ord345
ImageList_DrawEx
ImageList_GetIconSize
ord380
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
dwrite
DWriteCreateFactory
gdiplus
GdipGetWorldTransform
GdipScaleMatrix
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipSetPageUnit
GdipScaleWorldTransform
GdipSetClipRect
GdipIsVisibleRect
GdipDrawRectangle
GdipTranslateMatrix
GdipSetWorldTransform
GdipGetPathWorldBounds
GdipDeleteRegion
GdipCombineRegionRegion
GdipCreateRegionPath
GdipCombineRegionPath
GdipCreateRegion
GdipSetEmpty
GdipMultiplyMatrix
GdipIsVisibleRectI
GdipGetBrushType
GdipGetSolidFillColor
GdipTransformPath
GdipFillPath
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipCreateTexture2
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipTranslateLineTransform
GdipScaleLineTransform
GdipSetClipPath
GdipSetPenTransform
GdipSetPenWidth
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenLineCap197819
GdipSetPenDashOffset
GdipSetPenDashArray
GdipIsVisibleClipEmpty
GdipGetPenWidth
GdipSetPenBrushFill
GdipDrawPath
GdipGetPathData
GdipGetPointCount
GdipCreatePath
GdipDeletePath
GdipStartPathFigure
GdipAddPathLine
GdipAddPathBezier
GdipCloneMatrix
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetDpiX
GdipGetDpiY
GdipGetVisibleClipBounds
GdipBitmapSetResolution
GdipTranslateWorldTransform
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipIsMatrixInvertible
GdipIsMatrixIdentity
GdipIsVisibleRegionPoint
GdipGetRegionBounds
GdipCreateMatrix2
GdipGetImagePixelFormat
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipSetImageAttributesWrapMode
GdipCreateTextureIA
GdipAddPathRectangle
GdipResetTextureTransform
GdipMultiplyTextureTransform
GdipGetPageUnit
GdipSetTextureTransform
GdipInvertMatrix
GdipCreateLineBrush
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipMultiplyLineTransform
GdipVectorTransformMatrixPoints
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipRotateMatrix
GdipDrawImageRectRectI
GdipSetPathFillMode
GdipClosePathFigure
GdipSetPathMarker
GdipSetPageScale
GdipResetWorldTransform
GdipDrawRectangleI
GdipSetClipRegion
GdipFillRegion
GdipCreateRegionHrgn
GdipGetClip
GdipTransformRegion
GdipCreateRegionRectI
GdipDrawImageI
GdipFlush
GdipDrawImage
GdipSaveAddImage
GdipSaveAdd
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipRotateWorldTransform
GdipMeasureDriverString
GdipDrawString
GdipCreateBitmapFromFileICM
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAddPathBeziers
GdipSetMatrixElements
GdipDeleteMatrix
GdipCreateMatrix
GdipGetMatrixElements
GdipRestoreGraphics
GdipTransformPoints
GdipMultiplyWorldTransform
GdipSaveGraphics
GdipDeletePen
GdipCreatePen1
GdipTransformMatrixPoints
GdiplusShutdown
GdiplusStartup
GdipReleaseDC
GdipGetDC
GdipDrawImageRect
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipGetPageScale
GdipFillRectangle
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipMeasureString
GdipCloneBrush
GdipDeleteBrush
GdipGetTextureTransform
GdipCreateSolidFill
ole32
CLSIDFromString
CoTaskMemAlloc
CoCreateInstance
StgIsStorageFile
CreateStreamOnHGlobal
ReleaseStgMedium
CoInitialize
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
StgOpenStorageOnILockBytes
StgCreateStorageEx
IIDFromString
StringFromGUID2
CoCreateGuid
StgOpenStorageEx
CoInitializeEx
CoUninitialize
shell32
DragAcceptFiles
DragQueryFileW
ShellAboutW
SHAppBarMessage
SHCreateItemFromParsingName
SHParseDisplayName
ShellExecuteW
ShellExecuteExW
winmm
timeGetTime
cryptxml
CryptXmlEnumAlgorithmInfo
ncrypt
NCryptSignHash
xpspushlayer
ord5
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 645KB - Virtual size: 645KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ