SearchProtocolHost[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SearchProtocolHost.exe
Size

290KB
MD5

3a9f2f6e92e26ac705aaf96860162060
SHA1

f793976da304b79c292c3f3b459842f8395e68ae
SHA256

74b86b4b950284945df7802faf5356e8d3147a760fab96b108681512d0fbd305
SHA512

3b48afe2ad1c2c2f1261f5f85af93174f2a8fa10de04ce2fe3b7cb8bca49d83151effa177830eda98746690da340d562c9ee8782db3eaae13098b8f2306f9fd8
SSDEEP

6144:J02dLck+SXSQaTtFaqU3k1/u1RRrkR10efUKZ8:q2dLr+eSQaTfbU3cMRRQztfb8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SearchProtocolHost.exe

Files

SearchProtocolHost.exe
.exe windows:10 windows x86 arch:x86

0d54f4e9925b2d7c00a1abd0e1b770c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchProtocolHost.pdb

Imports

msvcrt

realloc
?terminate@@YAXXZ
_lock
_errno
exit
__dllonexit
__wgetmainargs
_amsg_exit
__p__commode
_onexit
??1type_info@@UAE@XZ
_controlfp
_XcptFilter
_except_handler4_common
_exit
memset
wcsncpy_s
malloc
_cexit
wcsncmp
_set_error_mode
_wcsnicmp
free
_itow
iswspace
_wtol
_itow_s
strerror
memmove
_vsnprintf
fprintf
strncmp
bsearch
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
__p__fmode
__setusermatherr
_initterm
_vsnwprintf
__iob_func
wcschr
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
__set_app_type
??1exception@@UAE@XZ
_purecall
_wtoi
_wcsicmp
memcpy_s
_unlock
memcmp

tquery

ciNewNoThrow
ciDelete
ciNew

api-ms-win-security-base-l1-2-0

AddAce
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetTokenInformation
InitializeSecurityDescriptor
IsValidSid
ImpersonateLoggedOnUser
InitializeAcl
CreateWellKnownSid
AddAccessAllowedAce
GetAce
RevertToSelf
GetAclInformation
GetLengthSid
CopySid
MakeAbsoluteSD
EqualPrefixSid
SetSecurityDescriptorSacl
InitializeSid
DeleteAce
GetSidLengthRequired
GetSidSubAuthority
AdjustTokenPrivileges
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorLength

oleaut32

VarUI4FromStr
GetErrorInfo
CreateErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
LoadResource
FindResourceExW
GetModuleHandleExW
SizeofResource
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadStringW
FreeLibrary

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-security-lsalookup-l2-1-1

LookupAccountSidW
LookupPrivilegeValueW
LookupAccountNameW

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
CreateEventW
Sleep
CreateWaitableTimerExW
SetEvent
ReleaseMutex
CreateMutexExW
OpenEventW
InitOnceBeginInitialize
OpenSemaphoreW
ResetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InitOnceComplete
LeaveCriticalSection
CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObjectEx
SetWaitableTimerEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-com-l1-1-1

CoUninitialize
CoDisconnectObject
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoUnmarshalInterface
PropVariantClear
CoInitializeSecurity
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
PropVariantCopy

api-ms-win-core-localization-l1-2-1

ResolveLocaleName
GetLocaleInfoW
IsValidCodePage
LocaleNameToLCID
LCMapStringW
GetSystemDefaultLCID
FormatMessageW

api-ms-win-core-heap-l1-2-0

HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle
GetHandleInformation
DuplicateHandle

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
CreateThread
GetProcessTimes
GetCurrentProcessId
OpenProcessToken
GetThreadTimes
GetCurrentThreadId
GetCurrentProcess
SetPriorityClass
OpenThreadToken
TerminateProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegDeleteKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventWrite
EventUnregister
EventSetInformation

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-memory-l1-1-2

OpenFileMappingW
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryA
LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
GlobalAlloc

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetLocalTime
GetVersionExA
GetVersionExW
GetTickCount

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-localization-obsolete-l1-3-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-2-1

LockFile
ReadFile
SetFilePointer
SetEndOfFile
CreateFileW
DeleteFileW
UnlockFile
GetFileSize
GetFileTime
FlushFileBuffers
DeleteFileA
WriteFile
CreateFileA

api-ms-win-core-kernel32-legacy-l1-1-1

CopyFileA

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shcore

ord107

windows.storage

ILFree
SHCreateItemFromIDList
SHParseDisplayName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d54f4e9925b2d7c00a1abd0e1b770c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

tquery

api-ms-win-security-base-l1-2-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-localization-obsolete-l1-3-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-shcore-registry-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-apiquery-l1-1-0

shcore

windows.storage

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 76B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 11KB - Virtual size: 11KB