smartscreen[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

smartscreen.exe
Size

624KB
MD5

3fb0dad547560d85a42e32a2a4556106
SHA1

b03f0957e1071228156a2fe120dc3efde41219eb
SHA256

8d72dc897d1127e9cad4f0c8c817213c3909607776851022fef061cddbd8e59d
SHA512

c318cd08f6dcd3f42fd2e79062305097fb9355c1b554f2b285d5397dd09aede0cf59690559c2a200e2b621a4d1d3031e1104cd27754926e8e075ce99d199f2d2
SSDEEP

12288:z1OPNnKQ8BspsT4TNGlUfxYsFub0022qhjUi+K:MPF8BQsT4TIl6xzFumPhgi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
smartscreen.exe

Files

smartscreen.exe
.exe windows:10 windows x64 arch:x64

7cdc8023c00d4717d8ca40319ece4551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

smartscreen.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_set_app_type
_errno
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_crt_atexit
abort
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
__stdio_common_vsprintf_s
__p__commode

api-ms-win-crt-string-l1-1-0

wcsnlen
__strncnt
islower
towlower
strncmp
isspace
tolower
_wcsdup
isupper
strcpy_s
strcspn
_wcsicmp

ntdll

RtlUnwindEx
RtlLookupFunctionEntry
RtlFreeHeap
NtCreateSection
RtlPcToFileHeader
NtQuerySection
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW

combase

ord69

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
WaitForSingleObjectEx
SetEvent
CreateMutexExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
CreateSemaphoreExW
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoReleaseMarshalData
CoGetCallContext
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoRevokeClassObject
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoWaitForMultipleHandles
CoInitializeSecurity
CoIncrementMTAUsage
CoRevertToSelf

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
WakeConditionVariable
InitOnceExecuteOnce
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoInitialize
RoUninitialize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsGetValue
FlsSetValue

smartscreen

UriReputationFactory
GetEnforcementPolicy
SetEnforcementLevel
GetEnforcementLevel
RegisterEventLogger
FreeExperience
ResetLogger
SetAppReputationEnforcementLevel
GetAppControlEnforcementLevel
SetAppControlEnforcementLevel
CheckReputation
CheckFileReputation
ClearCache
GetAppReputationEnforcementLevel
ReportLaunch
CheckAppxPackageReputation
EventLogger

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_configthreadlocale
setlocale
localeconv
___lc_codepage_func
__pctype_func
___mb_cur_max_func
_lock_locales
___lc_locale_name_func
___lc_collate_cp_func

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free
_realloc_base
_free_base
_malloc_base
_calloc_base
realloc
calloc

api-ms-win-crt-convert-l1-1-0

strtod
strtof

api-ms-win-crt-math-l1-1-0

ldexp
pow
powf
frexp
_dclass
ceilf

api-ms-win-crt-time-l1-1-0

_Strftime
_Wcsftime
_Getdays
_Getmonths
_W_Getdays
_Gettnames
_W_Gettnames
_W_Getmonths

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW
GetLongPathNameW

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathAllocCombine
PathCchStripToRoot
PathCchIsRoot

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-rtcore-ntuser-window-l1-1-0

AllowSetForegroundWindow

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
CompareStringEx
MultiByteToWideChar

crypt32

CryptProtectData
CryptUnprotectData
CryptBinaryToStringW
CryptStringToBinaryW

oleaut32

SysFreeString

ws2_32

ntohs
htons

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cdc8023c00d4717d8ca40319ece4551

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

combase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

smartscreen

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

crypt32

oleaut32

ws2_32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 452KB - Virtual size: 448KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 8KB - Virtual size: 12KB

.pdata Size: 28KB - Virtual size: 27KB

.didat Size: 4KB - Virtual size: 128B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 452KB - Virtual size: 448KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 8KB - Virtual size: 12KB

.pdata
Size: 28KB - Virtual size: 27KB

.didat
Size: 4KB - Virtual size: 128B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB