explorer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe
Size

3.7MB
MD5

aa0ca518e66f290fe0bac6169473e8a9
SHA1

60e3f357b06af9eb84fb9019bf08fb4dd109d4ec
SHA256

0d7cb0b75cd61cdffe0e53910829ffa5c02c8759ebd27a49e2ef7a907a10e506
SHA512

35acad9da3161873b21f73516f351c8c6f7fd49dd2b8e23105e230d8dab97c15607af7f8ea3725f2c013d11cdb0b95cf26dd556e713adc134ec8354cab494869
SSDEEP

49152:7LSf3pfF98als35V86y45nxm2GwHEbcOeZaauUgrKo/Ww8A7/eFwjDvv:o3pf38LVs45nI2GwHEY1A9jrcw8a0cD

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows:10 windows x86 arch:x86

fbebd61ce702929c1f33b522fd572c5d

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:5b:98:96:b5:c6:e8:f5:4f:37:5b:5b:bc:df:15:87:31:9d:b9:b5:2d:2a:f7:d5:0d:1e:b3:5a:ee:10:8d:d0
Signer

Actual PE Digest

43:5b:98:96:b5:c6:e8:f5:4f:37:5b:5b:bc:df:15:87:31:9d:b9:b5:2d:2a:f7:d5:0d:1e:b3:5a:ee:10:8d:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

msvcrt

__CxxFrameHandler3
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
strncmp
_CIpow
_wcmdln
_initterm
_ftol2
__p__fmode
_snwprintf_s
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf_s
__p__commode
_XcptFilter
iswalnum
__dllonexit
__setusermatherr
_ftol2_sse
toupper
malloc
free
realloc
bsearch
wcsncpy_s
wcscspn
ceil
_vscwprintf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??0bad_cast@@QAE@ABV0@@Z
_errno
___lc_collate_cp_func
___lc_handle_func
_free_locale
setlocale
__uncaught_exception
__pctype_func
___lc_codepage_func
calloc
memcmp
___mb_cur_max_func
_ismbblead
memset
abort
_get_current_locale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
_unlock
_lock
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memmove
memcpy
_CxxThrowException
_wcsicmp
_get_errno
_set_errno
wcsncmp
localtime
mktime
_CIsqrt
difftime
time
wcscat_s
wcscpy_s
_set_error_mode
wcsstr
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
floor

twinapi

ord9

api-ms-win-core-job-l2-1-0

SetInformationJobObject
QueryInformationJobObject
AssignProcessToJobObject
CreateJobObjectW

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW
HashData

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx

ntdll

ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlIsStateSeparationEnabled
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenFile
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlFreeUnicodeString
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlDosPathNameToNtPathName_U_WithStatus
swscanf_s
WinSqmAddToStreamEx
WinSqmIsOptedIn
WinSqmSetDWORD
RtlQueryResourcePolicy
VerSetConditionMask
NtSetThreadExecutionState
RtlNtStatusToDosErrorNoTeb
RtlFormatCurrentUserKeyPath
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlRunOnceExecuteOnce
RtlAppendUnicodeStringToString
NtQueryInformationProcess
RtlAppendUnicodeToString
NtSetInformationProcess
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeString
ZwQuerySystemInformation
RtlGetVersion
wcsspn
wcsrchr
wcstol
_wcsnicmp
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
wcschr
_itow_s
_wtoi
strchr
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
SizeofResource
LoadStringW
GetModuleHandleA
FindStringOrdinal
FreeLibrary
GetModuleFileNameW
LockResource
GetModuleFileNameA
LoadResource
FindResourceExW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
OpenEventW
OpenSemaphoreW
CreateEventW
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
ResetEvent
SleepEx
OpenMutexW
InitializeCriticalSectionEx
CreateMutexW
InitializeCriticalSection
AcquireSRWLockExclusive
InitializeSRWLock
DeleteCriticalSection
SetEvent
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
WaitForSingleObjectEx
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-file-l1-1-0

FindClose
CompareFileTime
GetLongPathNameW
FindNextFileW
GetFileAttributesW
CreateFileW
WriteFile
DeleteFileW
FindFirstFileW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventUnregister
EventRegister
EventProviderEnabled
EventEnabled
EventWriteTransfer
EventWrite

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetPriorityClass
GetCurrentProcessId
ProcessIdToSessionId
OpenThread
SetPriorityClass
GetThreadPriority
CreateThread
SetProcessShutdownParameters
SetThreadPriorityBoost
QueueUserAPC
ResumeThread
GetProcessId
TerminateProcess
SetThreadPriority
ExitProcess
TerminateThread
GetCurrentProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken
CreateProcessW
GetExitCodeProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

GetCalendarInfoW
FormatMessageW
GetUserDefaultLangID
GetLocaleInfoW
GetThreadUILanguage
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
VariantInit
SysAllocString
SysFreeString

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoGetMalloc
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoRevokeClassObject
CoGetApartmentType
CoRegisterClassObject
StringFromGUID2
CoWaitForMultipleHandles
StringFromIID
CoGetClassObject
CoCreateGuid
CoGetStdMarshalEx
CoUninitialize
CoInitializeSecurity
CoFreeUnusedLibraries
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CoGetCallContext
CoTaskMemFree
CoCreateInstance
CLSIDFromString
IIDFromString
CoSetProxyBlanket
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrIW
StrChrW
StrCmpNIW
StrCmpW
StrToIntW
StrCmpICA
StrRChrW
StrCmpIW
StrStrIW
StrCmpICW
QISearch
StrCmpNICW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW
SHStrDupW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegDeleteTreeW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite
IUnknown_QueryService
IUnknown_SetSite
IUnknown_Set

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetSystemTime
GetLocalTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCommandLineW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathQuoteSpacesW
PathGetDriveNumberW
PathParseIconLocationW
PathCommonPrefixW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathIsFileSpecW
PathIsRelativeW
PathFindExtensionW
PathCombineW
SHExpandEnvironmentStringsW
PathRemoveBlanksW

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstringWithSpecifiedLength
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
SHCreateThreadRef
SHSetThreadRef
SHCreateThread
SetProcessReference

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
GetStringTypeW

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW
SHDeleteKeyW
SHQueryInfoKeyW
SHSetValueW
SHGetValueW
SHRegGetValueW
SHEnumKeyExW

api-ms-win-security-base-l1-1-0

DuplicateToken
InitializeAcl
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
DeleteAce
GetLengthSid
GetAce
GetAclInformation
IsValidSid
EqualSid
CopySid
AddAce
MakeAbsoluteSD

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchAppend
PathAllocCombine
PathCchCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
MapViewOfFile
CreateFileMappingW
VirtualProtect
UnmapViewOfFile

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

IStream_Write
SHCreateStreamOnFileW
IStream_Read
SHOpenRegStream2W
IStream_Reset
SHCreateStreamOnFileEx
SHCreateMemStream

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx
CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord509
PathRemoveArgsW
SHPinDllOfCLSID
StrRetToBufW
ord279
StrRetToStrW
IUnknown_GetWindow
ord635
ord544
ord292
ord165
SHCreateWorkerWindowW
ord481
ord479
ord478
SHIsChildOrSelf
ord197
AssocQueryStringW
ShellMessageBoxW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoW
EnumDisplayDevicesW
GetMonitorInfoW

api-ms-win-ntuser-rectangle-l1-1-0

SubtractRect
OffsetRect
IntersectRect
UnionRect
IsRectEmpty
PtInRect
EqualRect
SetRectEmpty
CopyRect
InflateRect
SetRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

UnhookWinEvent
SetWinEventHook
NotifyWinEvent

api-ms-win-shell-namespace-l1-1-0

ILFindLastID
SHBindToObject
ILClone
SHCreateItemFromIDList
SHParseDisplayName
SHBindToParent
ILFree
SHBindToFolderIDListParent
SHGetIDListFromObject
ILCombine
ILCloneFirst
ILGetSize
ILRemoveLastID
ILIsEqual
SHGetNameFromIDList
ILIsParent
SHCreateItemFromParsingName

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
GetPointerInfo
EnableMouseInPointer
GetPointerDevices
GetCurrentInputMessageSource

api-ms-win-storage-exports-internal-l1-1-0

GetThreadFlags
SHGetKnownFolderIDList
SHGetFolderPathEx
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

propsys

InitVariantFromGUIDAsString
InitVariantFromResource
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackagePathByFullName
ParseApplicationUserModelId
FindPackagesByPackageFamily

api-ms-onecoreuap-settingsync-status-l1-1-0

IsSettingSyncEnabled
IsRoamingEnabled

gdi32

SetTextAlign
SetTextColor
CreateFontIndirectW
PatBlt
CreateBitmap
SetBkMode
BitBlt
OffsetWindowOrgEx
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
CreateCompatibleBitmap
GetClipBox
Rectangle
SetStretchBltMode
ExcludeClipRect
ExtTextOutW
StretchDIBits
GdiAlphaBlend
SelectObject
GdiFlush
Polyline
CreatePen
GetCurrentObject
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
CreateCompatibleDC
GetClipRgn
StretchBlt
GetBkColor
CreateSolidBrush
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
SetBkColor
GetDIBits
GetStockObject
DeleteDC
CreateDIBSection
GetObjectW
DeleteObject
CombineRgn
GetTextMetricsW

kernel32

RegisterApplicationRestart
SetProcessDEPPolicy
IsBadWritePtr

wininet

InternetCrackUrlW

shcore

ord1
ord142
ord200
ord184
ord186
ord187
ord123
ord162
ord190
ord121
ord174
ord109
ord126
ord183
SHUnicodeToAnsi
ord192

shell32

ord100
ord85
ord190
ShellExecuteW
ord89
ord200
ord245
ShellExecuteExW
ord899
ord188
ord201
ord206
SHCreateItemInKnownFolder
DragQueryFileW
SHChangeNotifyRegisterThread
ord733
ord67
ord753
ord644
ord645
SHGetPathFromIDListW
ord4
SHFileOperationW
ord711
ord2
SHUpdateRecycleBinIcon
ord60
SHAddToRecentDocs
ord896
SHEnableServiceObject
ord54
ord254
ord91
DuplicateIcon
SHGetStockIconInfo
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord137
ord132
ExtractIconExW
ord244
ord181
ord866
ord764
SHEvaluateSystemCommandTemplate
SHGetLocalizedName
ord895
ord906
ord193
SHGetPropertyStoreForWindow
ord894
SHAppBarMessage
ord162
ord727
ord792
ord790
Shell_GetCachedImageIndexW
ord743
ord907
ord134
ord22
ord850
ord95
ord885
ord723
ord680
ord172
ord61

shlwapi

ord548
ord413
PathIsDirectoryW
ord164
ord163
ord467
AssocQueryKeyW
ChrCmpIW
AssocCreate

uxtheme

GetThemeColor
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord106
ord104
ord121
ord120
ord86
ord118
ord98
GetThemeFont
DrawThemeTextEx
IsAppThemed
GetThemeInt
GetBufferedPaintBits
IsThemeActive
ord126
BufferedPaintSetAlpha
GetThemeMargins
GetThemeMetric
GetThemePartSize
OpenThemeDataForDpi
OpenThemeData
GetThemeBool
GetThemeBackgroundExtent
ord122
IsCompositionActive

dwmapi

ord114
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
ord124
DwmQueryThumbnailSourceSize
ord159
DwmGetWindowAttribute
ord140
ord141
ord138
ord139
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmRegisterThumbnail
DwmEnableBlurBehindWindow
ord113

win32u

NtDCompositionGetFrameStatistics

user32

IsCharAlphaNumericW
CharLowerW
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetDpiForSystem
SetMenuInfo
GetMenuInfo
ord2522
UnregisterClassW
UpdateLayeredWindow
GetWindowProcessHandle
GetWindowCompositionAttribute
SetThreadDpiAwarenessContext
IsProcessDPIAware
SetLayeredWindowAttributes
GetLayeredWindowAttributes
InternalGetWindowText
GetMenuStringW
SetScrollPos
GetScrollInfo
SetScrollInfo
IsZoomed
GetMenuState
IsTopLevelWindow
ord2573
BringWindowToTop
InsertMenuW
ShowWindowAsync
GetCursorInfo
DrawTextExW
GetPhysicalCursorPos
GetClassLongW
GetClassWord
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetSystemMenu
ModifyMenuW
GetAsyncKeyState
ReplyMessage
MonitorFromPoint
GetMenuItemInfoW
GetMenuItemCount
CreateIconIndirect
LoadMenuW
DrawTextW
DeleteMenu
TrackPopupMenuEx
SetMenuDefaultItem
RemoveMenu
EnableMenuItem
CheckMenuItem
LoadImageW
SetGestureConfig
SetWindowCompositionAttribute
GetDpiForWindow
AdjustWindowRect
GetLastInputInfo
CopyIcon
CalculatePopupWindowPosition
GetDoubleClickTime
ReleaseCapture
EndTask
SetCapture
TrackMouseEvent
ord2005
GetSystemMetricsForDpi
DrawIconEx
DestroyIcon
CopyImage
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
SetWindowPlacement
HungWindowFromGhostWindow
LoadIconW
IsIconic
GetKeyState
ExitWindowsEx
EndDialog
SendDlgItemMessageW
MonitorFromWindow
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
SwitchToThisWindow
ord2574
IsHungAppWindow
GetGuiResources
GetWindowPlacement
MonitorFromRect
ord2611
TranslateAcceleratorW
ChangeWindowMessageFilterEx
LoadAcceleratorsW
IsWindowUnicode
DefWindowProcA
SetMenuItemInfoW
SetCursor
LoadCursorW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
ReleaseDC
GetDC
AdjustWindowRectEx
FillRect
UnregisterClassA
PostThreadMessageW
GetSubMenu
GetCapture

sspicli

GetUserNameExW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
VerifyVersionInfoW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

rpcrt4

NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
UuidFromStringW
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

api-ms-win-security-lsalookup-l1-1-1

GetIdentityProviderInfoByGUID
ReleaseIdentityProviderEnumContext
GetDefaultIdentityProvider
EnumerateIdentityProviders

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbebd61ce702929c1f33b522fd572c5d

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

43:5b:98:96:b5:c6:e8:f5:4f:37:5b:5b:bc:df:15:87:31:9d:b9:b5:2d:2a:f7:d5:0d:1e:b3:5a:ee:10:8d:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-memory-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

43:5b:98:96:b5:c6:e8:f5:4f:37:5b:5b:bc:df:15:87:31:9d:b9:b5:2d:2a:f7:d5:0d:1e:b3:5a:ee:10:8d:d0
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 5KB - Virtual size: 17KB

.idata
Size: 32KB - Virtual size: 31KB

.didat
Size: 1024B - Virtual size: 904B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB