proext[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

proext.exe
Size

4.6MB
MD5

0f770bd0aac212c09ceddcf9c4231f22
SHA1

cd0276006e2229c1d9d4551cda4e776566a2500a
SHA256

abcf74588cd40e509ffaec80353c8f6dbcd06ff4b7dc80cfe81f319419855267
SHA512

dabcc39d97a4fb866e29462e390b3d145b5749b1eb840590557e38a86a676188a8c9be905d714ef2104da624cd32c5c1401d4bf49ef790be6b74f3b25a2eb81f
SSDEEP

49152:1ewWMAskCJzG+tPwqWu/H2y6Tr6BPfnc0mZvve8m9MtAQuoV93tbepshLwkqvncJ:ZA0JzVth/H2XTr6BHcW9MOQky/+r5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
proext.exe

Files

proext.exe
.exe windows:6 windows x64 arch:x64

ba094365ca22f21a8811b1c83ebc14f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\ProExt-main\target\release\deps\proext.pdb

Imports

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

kernel32

FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
LoadLibraryW
RtlVirtualUnwind
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
SetThreadErrorMode
CreateFileW
WriteFile
ReadFile
GetOverlappedResult
WaitForSingleObject
CreateNamedPipeW
CreateEventW
CancelIoEx
AcquireSRWLockShared
ReleaseSRWLockShared
SetNamedPipeHandleState
WaitNamedPipeW
TryAcquireSRWLockExclusive
Module32NextW
VirtualQueryEx
ReadProcessMemory
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
InitializeSListHead
LoadLibraryA
IsDebuggerPresent
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateMutexA
WaitForSingleObjectEx
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
GetLastError
Sleep
GetModuleHandleA
InitializeProcThreadAttributeList
GetFileAttributesW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcess
CreateProcessW
SetFileInformationByHandle
DuplicateHandle
SetFilePointerEx
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
GetFullPathNameW
ExitProcess
GetConsoleMode
GetStdHandle
GetCurrentProcessId
SetHandleInformation
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
HeapReAlloc
ReleaseMutex
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
IsProcessorFeaturePresent

user32

SetWindowPlacement
InvalidateRgn
GetDC
FindWindowW
DestroyIcon
GetSystemMetrics
GetRawInputData
SystemParametersInfoA
GetClientRect
IsWindow
SetClassLongPtrW
ClientToScreen
RegisterTouchWindow
SetWindowPos
GetWindowPlacement
CreateWindowExW
GetWindowRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
IsProcessDPIAware
ShowCursor
ClipCursor
GetClipCursor
GetActiveWindow
AdjustWindowRectEx
GetMenu
GetWindowLongW
ShowWindow
SetWindowLongW
SendMessageW
ReleaseCapture
SetCapture
PeekMessageW
MsgWaitForMultipleObjectsEx
SetWindowDisplayAffinity
RegisterRawInputDevices
ChangeDisplaySettingsExW
SendInput
DefWindowProcW
RedrawWindow
GetClassInfoExW
GetClassNameW
SetWindowLongPtrW
GetWindowLongPtrW
PostThreadMessageW
CallNextHookEx
SetWindowsHookExW
MapVirtualKeyW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyA
PostMessageW
DestroyWindow
GetForegroundWindow
SetForegroundWindow
SetCursorPos
MessageBoxW
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
SetCursor
LoadCursorW
ScreenToClient
RegisterWindowMessageA
GetUpdateRect
ValidateRect
GetCursorPos
RegisterClassExW

opengl32

wglGetProcAddress
wglCreateContext
wglDeleteContext
wglShareLists
wglGetCurrentDC
wglMakeCurrent
wglGetCurrentContext

gdi32

GetDeviceCaps
DescribePixelFormat
SetPixelFormat
CreateRectRgn
SwapBuffers
DeleteObject
ChoosePixelFormat
GetPixelFormat

ole32

CoUninitialize
CoInitializeEx
OleInitialize
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

dwmapi

DwmEnableBlurBehindWindow

ws2_32

getaddrinfo
closesocket
accept
WSASocketW
getsockname
listen
bind
WSAStartup
WSACleanup
freeaddrinfo
WSAGetLastError
setsockopt
getsockopt
recv
WSARecv
select
connect
WSASend
send
WSADuplicateSocketW
getpeername
ioctlsocket

shell32

DragQueryFileW
DragFinish
SHGetKnownFolderPath

oleaut32

SysFreeString
GetErrorInfo
SysStringLen

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod

uxtheme

SetWindowTheme

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

vcruntime140

memmove
_CxxThrowException
__C_specific_handler
strstr
memcmp
memchr
__current_exception_context
memcpy
__CxxFrameHandler3
memset
__current_exception

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
tanf
atanf
logf
sqrtf
log
fmodf
round
trunc
cosf
sinf
powf
truncf
floorf
ceilf
floor
atan2f
acosf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
exit
_exit
_wassert
__p___argc
__p___argv
_cexit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_initterm
_c_exit
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

fflush
_set_fmode
__p__commode
fclose
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
ftell
fopen
fseek
fread

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba094365ca22f21a8811b1c83ebc14f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

advapi32

kernel32

user32

opengl32

gdi32

ole32

dwmapi

ws2_32

shell32

oleaut32

winmm

uxtheme

imm32

ntdll

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 3KB - Virtual size: 57KB

.pdata Size: 115KB - Virtual size: 115KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 3KB - Virtual size: 57KB

.pdata
Size: 115KB - Virtual size: 115KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 14KB - Virtual size: 13KB