E-XPLORER[.]EXE

Sharing

Copy URL Twitter E-mail

General

Target

E-XPLORER.EXE
Size

4.7MB
MD5

215220ed492ed274f41129d33a2df72d
SHA1

c3a69e8e335a0a2cc25a6b315537dca1c89109fa
SHA256

47d797e099057695e2a69377bba57f3a9eb40d26e4152448628626f9a3493d14
SHA512

1915bc4fbd137143027ac5c156ffb58ad2f9a1a59f9c2e44f4c7ffe6313114db33b9cb91504f5b79865e9daf68ad014999796a5f9ffe5191aa31727f4ae3d07f
SSDEEP

98304:DmOslvNIcnCyAr4xQVInLomA15gyWiJSFMO6w8a0cD5mVI:DmOslvNICCyAr4xQVo8mA3BWiJSF6wFd

Score

1^/10

Malware Config

Signatures

Files

E-XPLORER.EXE
.exe windows:10 windows x86 arch:x86

80a97730ff04f5da4c3bddd67af25605

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:e7:d3:99:71:47:c3:c1:55:c0:6b:25:cb:be:cc:af:ab:ef:16:03:73:84:80:cb:09:f9:01:20:ea:3c:3a:2b
Signer

Actual PE Digest

e5:e7:d3:99:71:47:c3:c1:55:c0:6b:25:cb:be:cc:af:ab:ef:16:03:73:84:80:cb:09:f9:01:20:ea:3c:3a:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QBEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
_Mtx_init_in_situ
_Xtime_get_ticks
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$collate@G@std@@2V0locale@2@A

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_set_error_mode

api-ms-win-crt-string-l1-1-0

_wcsrev
strncmp
wcsncmp
memset
wcscspn
wcsncpy

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-private-l1-1-0

_o_exit
_o_floor
_o_free
_o_iswalnum
_o_iswspace
_o_memcpy_s
_o_realloc
_o_roundf
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
_except_handler4_common
_o__wcsnicmp
_o__wcsicmp
memmove
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime32
_o_ceil
_o__wtoi
_o__localtime32
_o__itow_s
_o_bsearch
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime32
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__CIpow
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
_o_malloc

aepic

PicRetrieveFileInfo
PicFreeFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
QueryInformationJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

HashData
PathIsURLW
UrlUnescapeW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

ntdll

RtlInitString
wcsspn
RtlQueryResourcePolicy
NtOpenThreadToken
RtlGetVersion
ZwQuerySystemInformation
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
wcschr
ZwQueryDirectoryFile
wcsrchr
strchr
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
RtlQueryWnfStateData
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
ZwQueryValueKey
NtQueryInformationProcess
ZwOpenKey
ZwClose
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlIsStateSeparationEnabled
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
NtSetThreadExecutionState
VerSetConditionMask
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadStringW
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
LoadResource
GetModuleHandleExW
LockResource
FindStringOrdinal

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
ResetEvent
OpenMutexW
CreateMutexW
LeaveCriticalSection
TryEnterCriticalSection
TryAcquireSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
EnterCriticalSection
CreateMutexExW
OpenEventW
ReleaseSRWLockShared
CreateEventExW
OpenSemaphoreW
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
WaitForSingleObjectEx
SleepEx
WaitForMultipleObjectsEx
InitializeSRWLock
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetErrorMode
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
CompareFileTime
DeleteFileW
CreateFileW
WriteFile
GetLongPathNameW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventWrite
EventSetInformation
EventRegister
EventEnabled
EventUnregister
EventProviderEnabled

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegGetValueW
RegSetKeySecurity
RegOpenCurrentUser
RegOpenKeyExW
RegDeleteTreeW
RegDeleteKeyExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken
GetStartupInfoW
GetProcessId
GetCurrentThread
ResumeThread
GetPriorityClass
ExitProcess
SetThreadPriority
SetPriorityClass
GetCurrentThreadId
ProcessIdToSessionId
OpenThread
CreateProcessW
CreateThread
SetProcessShutdownParameters
QueueUserAPC
GetCurrentProcess
GetCurrentProcessId
SetThreadPriorityBoost
TerminateProcess
GetThreadPriority
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetLocaleInfoEx
GetCalendarInfoW
FormatMessageW
GetLocaleInfoW
GetGeoInfoW
GetUserDefaultLocaleName
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysAllocString
VarUI4FromStr
SysStringLen
SafeArrayAccessData
SafeArrayCreate
SysFreeString
SysAllocStringByteLen
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
VariantInit

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

PropVariantClear
CoUninitialize
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoCancelCall
CoDisableCallCancellation
IIDFromString
CoGetStdMarshalEx
CoEnableCallCancellation
CoGetMalloc
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoGetObjectContext
CoInitializeEx
CoWaitForMultipleHandles
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StringFromIID
CoSetProxyBlanket
CoFreeUnusedLibraries
CoGetApartmentType
CoInitializeSecurity
CoGetCallContext
StringFromGUID2
CreateStreamOnHGlobal

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW
StrCmpNIW
StrChrIW
StrChrW
StrCmpIW
StrToIntW
StrCmpICA
StrStrIW
StrCmpNICW
StrCmpICW
StrRChrW
QISearch

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite
IUnknown_Set
IUnknown_SetSite
IUnknown_QueryService

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalReAlloc
GlobalAlloc
LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformation
GetTickCount64
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetSystemTime
GetLocalTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SearchPathW
GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathFileExistsW
PathQuoteSpacesW
PathCombineW
PathIsFileSpecW
PathRemoveFileSpecW
PathRemoveBlanksW
PathFindFileNameW
PathGetArgsW
PathCommonPrefixW
PathParseIconLocationW
SHExpandEnvironmentStringsW
PathGetDriveNumberW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsGetStringLen
WindowsCreateStringReference
WindowsCreateString
WindowsSubstringWithSpecifiedLength

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHEnumKeyExW
SHQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHSetThreadRef
SHCreateThread
SHCreateThreadRef
SetProcessReference

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
CopySid
GetTokenInformation
SetKernelObjectSecurity
EqualSid
GetAclInformation
GetAce
DeleteAce
CreateWellKnownSid
CheckTokenMembership
MakeAbsoluteSD
DuplicateToken
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeAcl
AddAce

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoFailFastWithErrorContext
SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchAppend
PathCchRemoveFileSpec
PathCchCombine
PathAllocCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription
SetProcessInformation

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
VirtualAlloc
MapViewOfFile
VirtualFree
VirtualProtect
UnmapViewOfFile

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
IStream_Read
SHOpenRegStream2W
IStream_Write
SHCreateMemStream
IStream_Reset
SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetOsSafeBootMode

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

iphlpapi

GetNetworkConnectivityHint

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
CreateToolhelp32Snapshot
Process32FirstW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

GetPwrCapabilities
CallNtPowerInformation
PowerDeterminePlatformRoleEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord292
IUnknown_GetWindow
ord279
SHPinDllOfCLSID
ShellMessageBoxW
ord481
StrRetToStrW
ord544
ord165
ord479
AssocQueryStringW
PathRemoveArgsW
StrRetToBufW
ord478
ord635
ord509
SHIsChildOrSelf
ord197
SHCreateWorkerWindowW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW
QueryDisplayConfig
GetDisplayConfigBufferSizes
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplayMonitors

api-ms-win-ntuser-rectangle-l1-1-0

UnionRect
InflateRect
SetRect
IntersectRect
OffsetRect
SubtractRect
EqualRect
PtInRect
IsRectEmpty
CopyRect
SetRectEmpty

api-ms-win-rtcore-ntuser-winevent-l1-1-0

UnhookWinEvent
NotifyWinEvent
SetWinEventHook

api-ms-win-shell-namespace-l1-1-0

SHBindToParent
SHBindToFolderIDListParent
ILFindLastID
ILIsParent
ILFree
SHGetIDListFromObject
SHGetNameFromIDList
SHParseDisplayName
SHCreateItemFromIDList
SHBindToObject
ILIsEqual
ILRemoveLastID
ILCombine
ILCloneFirst
SHCreateItemFromParsingName
ILGetSize
ILClone

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
EnableMouseInPointer
GetPointerInfo
GetPointerDevices
GetCurrentInputMessageSource

api-ms-win-storage-exports-internal-l1-1-0

SHGetFolderPathEx
SHGetKnownFolderIDList
SetThreadFlags
GetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

propsys

PSCreateMemoryPropertyStore
PropVariantToBoolean
PSPropertyBag_WriteStr
InitVariantFromGUIDAsString
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc
InitVariantFromResource
PSGetPropertyFromPropertyStorage

coremessaging

CreateDispatcherQueueController

urlmon

URLOpenBlockingStreamW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
ParseApplicationUserModelId

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

CreateRectRgn
SetRectRgn
OffsetRgn
GetDeviceCaps
GetOutlineTextMetricsW
CombineRgn
DeleteObject
GetObjectW
DeleteDC
CreateCompatibleDC
SelectObject
GetClipBox
CreateFontIndirectW
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetStockObject
GetTextExtentPoint32W
CreateRectRgnIndirect
GetGlyphOutlineW
GetClipRgn
SelectClipRgn
GetCurrentObject
StretchBlt
ExcludeClipRect
SetStretchBltMode
Rectangle

kernel32

IsBadWritePtr
SetProcessDEPPolicy

rpcrt4

NdrClientCall2
UuidFromStringW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW

wininet

InternetCrackUrlW

shcore

ord123
ord190
ord109
ord187
ord186
ord184
ord200
ord142
ord162
SHUnicodeToAnsi
ord1
ord174
ord192
ord183
ord121
ord126

shell32

ord723
ord885
ord95
ord850
SHGetPathFromIDListW
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord193
ord906
ord895
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ShellExecuteW
ord132
ord137
Shell_NotifyIconW
ord680
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
SHFileOperationW
ord4
ord22
ord645
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
Shell_NotifyIconGetRect
ord134
ord172

shlwapi

PathIsRelativeW
ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
AssocCreate

uxtheme

ord86
DrawThemeBackground
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
BufferedPaintUnInit
GetWindowTheme
GetThemeFont
GetThemeMetric
GetThemeColor
GetThemeInt
GetBufferedPaintBits
IsThemeActive
DrawThemeTextEx
GetThemePartSize
ord126
BufferedPaintSetAlpha
IsCompositionActive
ord138
SetWindowTheme
IsAppThemed
GetThemeMargins
OpenThemeDataForDpi
OpenThemeData
GetThemeBool
GetThemeBackgroundExtent

dwmapi

DwmQueryThumbnailSourceSize
ord138
ord139
DwmGetWindowAttribute
ord140
ord159
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
ord141
DwmRegisterThumbnail
ord114
ord113

user32

BringWindowToTop
ord2573
EndTask
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
GetKeyState
GetCursorInfo
InsertMenuW
UnregisterClassA
InjectKeyboardInput
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
GetSystemMetricsForDpi
ord2005
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
PostThreadMessageW
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetPhysicalCursorPos
ShowWindowAsync
GetLastInputInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
ModifyMenuW
GetAsyncKeyState
ReplyMessage
MonitorFromPoint
GetWindowCompositionAttribute
GetWindowProcessHandle
UpdateLayeredWindow
CheckMenuItem
GetMenuItemInfoW
ord2521
GetMenuItemCount
UnregisterClassW
ord2522
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CreateIconIndirect
GetSubMenu
CharLowerW
IsCharAlphaNumericW
EnableMenuItem
LoadMenuW
DrawTextW
FillRect
ExitWindowsEx
EndDialog
SendDlgItemMessageW
RegisterHotKey
GetClassLongW
UnregisterHotKey
GetLastActivePopup
RemoveMenu
SwitchToThisWindow
GetClassWord
TileWindows
MapVirtualKeyExW
LockWorkStation
GetSystemMenu
InjectMouseInput
ord2574
IsHungAppWindow
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
IsIconic
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetMenuDefaultItem
SetCursor
TrackPopupMenuEx
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
DeleteMenu
GetGuiResources

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
VerifyVersionInfoW
PowerCreateRequest

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
StopTraceW

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtEnumerateWorkItemsForPackageName
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem
BiPtFreeMemory

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80a97730ff04f5da4c3bddd67af25605

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e5:e7:d3:99:71:47:c3:c1:55:c0:6b:25:cb:be:cc:af:ab:ef:16:03:73:84:80:cb:09:f9:01:20:ea:3c:3a:2bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-3

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e5:e7:d3:99:71:47:c3:c1:55:c0:6b:25:cb:be:cc:af:ab:ef:16:03:73:84:80:cb:09:f9:01:20:ea:3c:3a:2b
Signer