explorer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe
Size

4.6MB
MD5

004695c197499eba4679ed11075157c8
SHA1

b1ea12aa727461c0a8262ccc28a38ed1c2165203
SHA256

17eddbedb74401fc26864771e301353d92dec32a6b7ecb90507b96148e8f61e8
SHA512

8e5dd0c6426acb2a5d9f97ec10c2799a272dd35269aa143bc013c6c474e24474012c863faaf4e811e2701ed74e8d90619e823db236c8d8acc8611fa1fcf5c619
SSDEEP

98304:oOLONJafu9scLTSnmrO2d5sVLRud+oIP+03Co2wdUOnFixxbEZNCRlzb+0Y9mVLJ:oOLONJafu9scLTSnmC2d5sVLYDIP+03g

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows:10 windows x86 arch:x86

5f48d47e6ff7a0ff6d9fd349fcfe3333

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:b0:01:be:a6:3b:f6:4e:aa:a2:60:4a:c7:3e:d8:f5:1b:c5:5e:0e:29:c0:e1:fb:bd:da:db:40:1c:cc:fb:1a
Signer

Actual PE Digest

55:b0:01:be:a6:3b:f6:4e:aa:a2:60:4a:c7:3e:d8:f5:1b:c5:5e:0e:29:c0:e1:fb:bd:da:db:40:1c:cc:fb:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

msvcp_win

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
?_Xinvalid_argument@std@@YAXPBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?width@ios_base@std@@QAE_J_J@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Mtx_unlock
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Thrd_join
_Thrd_id
?_Xlength_error@std@@YAXPBD@Z
_Cnd_do_broadcast_at_thread_exit
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_set_error_mode

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
wcscspn
memset

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-private-l1-1-0

_o_ceil
_o_exit
_o_floor
_o_free
_o_iswspace
_o_lround
_o_lroundf
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
__current_exception
__current_exception_context
_except_handler4_common
_o__wtoi
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
memmove
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o_abort
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime32
_o__ltow_s
_o__localtime32
_o__itow_s
_o__itoa_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime32
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__CIpow
_o__CIfmod
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

OpenJobObjectW
CreateJobObjectW
QueryInformationJobObject
AssignProcessToJobObject
SetInformationJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

HashData
PathIsURLW
UrlUnescapeW

api-ms-win-core-windowserrorreporting-l1-1-1

WerUnregisterCustomMetadata
WerRegisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter
CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
DeactivateActCtx
ActivateActCtx

ntdll

WinSqmAddToStream
RtlGetVersion
ZwQuerySystemInformation
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlReAllocateHeap
ZwEnumerateValueKey
ZwCreateFile
NtQueryInformationFile
RtlAppendUnicodeToString
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
RtlInitString
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryInformationProcess
WinSqmIsOptedIn
NtQueryWnfStateData
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtClose
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
strchr
memmove_s
RtlAppendUnicodeStringToString
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
wcschr
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
RtlRunOnceExecuteOnce
wcsspn
RtlGetNtSystemRoot
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlNtStatusToDosErrorNoTeb
NtSetThreadExecutionState
NtPowerInformation
VerSetConditionMask
RtlQueryResourcePolicy
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
NtSetInformationProcess

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadLibraryExW
GetModuleHandleW
LoadStringW
FreeLibrary
FindStringOrdinal
GetModuleFileNameW
GetModuleFileNameA
LockResource
LoadResource
GetProcAddress
GetModuleHandleExW
GetModuleHandleA
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
SleepEx
CreateMutexExW
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionAndSpinCount
OpenMutexW
WaitForMultipleObjectsEx
CreateEventExW
InitializeCriticalSection
OpenSemaphoreW
InitializeSRWLock
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
EnterCriticalSection
SetEvent
DeleteCriticalSection
OpenEventW
CreateSemaphoreExW
CreateMutexW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetErrorMode
SetLastError

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileW
GetLongPathNameW
CompareFileTime
FindNextFileW
DeleteFileW
WriteFile
FindClose
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister
EventEnabled
EventWriteTransfer
EventSetInformation
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
TrySubmitThreadpoolCallback
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetPriorityClass
OpenThread
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
SetPriorityClass
SetThreadPriority
ResumeThread
CreateThread
TlsSetValue
QueueUserAPC
ProcessIdToSessionId
GetProcessId
GetThreadPriority
SetThreadPriorityBoost
CreateProcessW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
TlsFree
InitializeProcThreadAttributeList
GetExitCodeProcess
GetCurrentProcessId
TlsAlloc
SetProcessShutdownParameters
TlsGetValue
ExitProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetCalendarInfoW
GetLocaleInfoEx
GetThreadUILanguage
GetGeoInfoW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SafeArrayAccessData
SysStringLen
SafeArrayCreate
SysAllocStringByteLen
SafeArrayUnaccessData
SysFreeString
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
VarUI4FromStr

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

IsOS
SetCurrentProcessExplicitAppUserModelID

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoGetCallContext
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoGetObjectContext
CoGetApartmentType
CoInitializeSecurity
CoCancelCall
CoDisableCallCancellation
IIDFromString
CoSetProxyBlanket
CoEnableCallCancellation
CLSIDFromString
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoGetMalloc
CoTaskMemAlloc
PropVariantClear
CoGetStdMarshalEx
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CreateStreamOnHGlobal
StringFromIID
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoFreeUnusedLibraries

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
StrChrIW
StrCmpICA
StrChrW
StrCmpW
QISearch
StrCmpIW
StrCmpICW
StrCmpNICW
StrToIntW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegDeleteTreeW
RegEnumValueW
RegOpenKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegLoadMUIStringW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_Set
IUnknown_SetSite
IUnknown_GetSite
IUnknown_QueryService

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree
GlobalFree
GlobalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetTickCount64
GetSystemTime
GetSystemDirectoryW
GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
SearchPathW
GetCurrentDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW
PathIsFileSpecW
PathGetArgsW
PathCommonPrefixW
PathCombineW
PathQuoteSpacesW
PathFileExistsW
SHExpandEnvironmentStringsW
PathFindExtensionW
PathFindFileNameW
PathRemoveBlanksW
PathRemoveFileSpecW
PathGetDriveNumberW

api-ms-win-shcore-registry-l1-1-0

SHQueryInfoKeyW
SHRegGetValueW
SHEnumKeyExW
SHDeleteKeyW
SHDeleteValueW
SHSetValueW
SHGetValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThreadRef
SHCreateThread
SetProcessReference
SHGetThreadRef

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-security-base-l1-1-0

EqualSid
IsValidSid
GetSecurityDescriptorDacl
GetLengthSid
CopySid
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
AllocateAndInitializeSid
GetAclInformation
DeleteAce
InitializeAcl
FreeSid
AddAce
SetKernelObjectSecurity
MakeAbsoluteSD
GetAce

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
K32GetModuleBaseNameW
K32EnumProcessModules
K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoInitialize
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCombine
PathCchAppend
PathCchAddExtension
PathCchCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
OpenFileMappingW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateStreamOnFileEx
IStream_Read
IStream_Write
SHCreateMemStream
IStream_Reset
SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord197
SHCreateWorkerWindowW
ord635
ord509
SHPinDllOfCLSID
ord544
ord478
ord479
ord481
StrRetToBufW
ord165
StrRetToStrW
AssocQueryStringW
SHIsChildOrSelf
IUnknown_GetWindow
ord279
ord292
PathRemoveArgsW
ShellMessageBoxW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW
GetSystemMetrics
GetDisplayConfigBufferSizes
QueryDisplayConfig
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayMonitors

api-ms-win-ntuser-rectangle-l1-1-0

SetRect
InflateRect
PtInRect
IsRectEmpty
UnionRect
SubtractRect
OffsetRect
IntersectRect
SetRectEmpty
EqualRect
CopyRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
UnhookWinEvent
SetWinEventHook

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromIDList
ILGetSize
ILCloneFirst
ILCombine
SHBindToObject
SHCreateItemFromParsingName
SHBindToFolderIDListParent
SHBindToParent
SHGetIDListFromObject
ILFindLastID
ILFree
SHParseDisplayName
ILIsParent
ILIsEqual
ILRemoveLastID
ILClone
SHGetNameFromIDList

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetCurrentInputMessageSource
EnableMouseInPointer
GetPointerDevices
GetPointerType
GetPointerInfo

api-ms-win-storage-exports-internal-l1-1-0

GetThreadFlags
SetThreadFlags
SHGetKnownFolderIDList
SHGetFolderPathEx

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifyRegisterThread
SHChangeNotifyDeregister
SHHandleUpdateImage
SHChangeNotification_Lock
SHChangeNotifyRegister
SHChangeNotification_Unlock

propsys

PropVariantToBoolean
PSCreateMemoryPropertyStore
PSGetPropertyFromPropertyStorage
PSPropertyBag_WriteStr
InitVariantFromResource
PropVariantToUInt32
InitVariantFromGUIDAsString
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

gdi32

CreateFontIndirectW
SetTextColor
GetClipBox
SelectObject
GetCurrentObject
Rectangle
SetStretchBltMode
ExcludeClipRect
CreateCompatibleDC
SetTextAlign
GetStockObject
StretchBlt
GetDeviceCaps
DeleteDC
CreateRectRgn
SetRectRgn
OffsetRgn
CombineRgn
DeleteObject
GetTextMetricsW
SelectClipRgn
GetObjectW
GetClipRgn
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
ExtTextOutW

kernel32

SetProcessDEPPolicy
IsBadWritePtr
GetModuleHandleExA
HeapSize
HeapDestroy
HeapReAlloc

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

wininet

InternetCrackUrlW

shcore

ord121
ord190
SHUnicodeToAnsi
ord1
ord192
ord183
ord126
ord109
ord174
ord162
ord123
ord191
ord187
ord186
ord141
ord142
ord200
ord184

shell32

ord134
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord906
ord181
ord22
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
ord723
SHEvaluateSystemCommandTemplate
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ShellExecuteW
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord733
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord850
ord95
ord885
ord680
ord172
ord895

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

GetThemeMetric
GetThemeColor
BufferedPaintSetAlpha
GetWindowTheme
BufferedPaintUnInit
SetWindowTheme
EndBufferedPaint
GetThemePartSize
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord86
GetThemeFont
DrawThemeTextEx
IsCompositionActive
IsAppThemed
BeginBufferedPaint
IsThemePartDefined
ord138
GetThemeInt
GetThemeBackgroundExtent
GetThemeBool
IsThemeActive
OpenThemeData
OpenThemeDataForDpi
GetBufferedPaintBits
GetThemeMargins
ord126

dwmapi

ord113
DwmIsCompositionEnabled
ord141
ord139
DwmSetWindowAttribute
ord140
DwmEnableBlurBehindWindow
DwmRegisterThumbnail
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord114
ord138

user32

SetCapture
GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
CopyImage
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
IsIconic
GetKeyState
ord2005
EndDialog
AdjustWindowRectEx
GetDC
ReleaseDC
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
MonitorFromWindow
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
DrawIconEx
SendInput
SetDesktopColorTransform
UnregisterClassA
MonitorFromRect
GetGuiResources
IsHungAppWindow
TrackMouseEvent
DeleteMenu
FillRect
DestroyIcon
LoadMenuW
ExitWindowsEx
GetSubMenu
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
MonitorFromPoint
ReplyMessage
ord2574
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
SetLayeredWindowAttributes
GetIconInfoExW
GetIconInfo
GetClassWord
GetClassLongW
SendDlgItemMessageW
SwitchToThisWindow
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
InsertMenuW
BringWindowToTop
ord2573
GhostWindowFromHungWindow
EndTask
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
GetLastActivePopup
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
UpdateLayeredWindow
ord2521
UnregisterHotKey
RegisterHotKey
UnregisterClassW
ord2522
WindowFromDC
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
GetSystemMetricsForDpi
DrawTextW

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
VerifyVersionInfoW
PowerCreateRequest

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-core-job-l1-1-0

IsProcessInJob

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall2

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

SetErrorInfo
GetErrorInfo

Exports

Exports

g_trayTriageBlock

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f48d47e6ff7a0ff6d9fd349fcfe3333

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

55:b0:01:be:a6:3b:f6:4e:aa:a2:60:4a:c7:3e:d8:f5:1b:c5:5e:0e:29:c0:e1:fb:bd:da:db:40:1c:cc:fb:1aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-registry-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

55:b0:01:be:a6:3b:f6:4e:aa:a2:60:4a:c7:3e:d8:f5:1b:c5:5e:0e:29:c0:e1:fb:bd:da:db:40:1c:cc:fb:1a
Signer