smartscreen.pdb
Static task
static1
General
Target
smartscreen.exe
Size
2.3MB
MD5
3ddf30f0d32bbfd02c42555adb859869
SHA1
133fffa00c3714b303b18e638267e1ca94d05c5c
SHA256
c610d25c27ef737198727a010ed453161b9625b23a05c3226c59633795f2b409
SHA512
29ea339b3ac9bdf3355c418f8b7e765250560695cc70c4bb226574bd90b0a9d5be73e8652187470a5517c8da610473d91380a182e8d981d7fb0458fca6e6af78
SSDEEP
49152:jI1YVj023ovsVt68lafA6qQTX6K4108vYpCbT6GeJF4ta/E8r37UnxND:U1sX68wvr37eN
Malware Config
Signatures
Unsigned PE 1 IoC
Checks for a missing Authenticode signature on the PE file.
resource smartscreen.exe
Files
smartscreen.exe.exe windows:10 windows x64 arch:x64
3198144220bf18551fb10ac902b2bacf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
exit
_crt_atexit
_initterm_e
_cexit
_beginthreadex
_seh_filter_exe
__p___wargv
__p___argc
_set_app_type
abort
_configure_wide_argv
_initialize_wide_environment
terminate
_invalid_parameter_noinfo_noreturn
_get_initial_wide_environment
_errno
_exit
_initterm
_invalid_parameter_noinfo
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
fputc
fwrite
fseek
_wfsopen
_set_fmode
__p__commode
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fgetc
ungetc
fclose
_get_stream_buffer_pointers
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fread
api-ms-win-crt-string-l1-1-0
towlower
strnlen
wcsnlen
strcpy_s
strcspn
isxdigit
iswspace
_stricmp
iswupper
iswlower
_wcsdup
_wcsicmp
iswascii
tolower
iswxdigit
iswdigit
toupper
wcscmp
isupper
islower
__strncnt
api-ms-win-crt-heap-l1-1-0
calloc
_malloc_base
_callnewh
malloc
realloc
_calloc_base
_free_base
free
_set_new_mode
ntdll
NtQuerySection
RtlGetVersion
NtCreateSection
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressExW
RtlIpv4AddressToStringExW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap
RtlIpv6StringToAddressExW
api-ms-win-core-fibers-l2-1-0
SwitchToFiber
ConvertThreadToFiber
DeleteFiber
ConvertFiberToThread
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
CreateMutexExW
OpenSemaphoreW
InitializeSRWLock
CreateEventExW
ReleaseMutex
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
DeleteCriticalSection
TryAcquireSRWLockExclusive
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetProcessId
GetProcessTimes
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
OpenThreadToken
api-ms-win-core-localization-l1-2-0
IdnToAscii
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
GetSystemPreferredUILanguages
GetUserPreferredUILanguages
LCMapStringEx
FormatMessageW
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-fibers-l1-1-0
FlsAlloc
FlsSetValue
FlsFree
FlsGetValue
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventProviderEnabled
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
api-ms-win-core-com-l1-1-0
PropVariantClear
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CoMarshalInterface
CoDecrementMTAUsage
CoRevokeClassObject
CoWaitForMultipleObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoReleaseMarshalData
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoIncrementMTAUsage
CoTaskMemFree
CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoCreateGuid
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceExecuteOnce
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoRegisterActivationFactories
RoRevokeActivationFactories
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord69
api-ms-win-crt-locale-l1-1-0
__pctype_func
_configthreadlocale
___lc_locale_name_func
setlocale
_lock_locales
_unlock_locales
___mb_cur_max_func
___lc_codepage_func
localeconv
api-ms-win-crt-convert-l1-1-0
wcstoll
wcstol
_itow_s
wcstoull
_i64toa_s
wcstod
_ui64tow_s
_i64tow_s
_ui64toa_s
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-math-l1-1-0
ceilf
ceil
log2
frexp
api-ms-win-crt-utility-l1-1-0
rand_s
bcrypt
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathFindFileNameW
api-ms-win-core-fibers-l2-1-1
CreateFiberEx
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
api-ms-win-core-file-l1-1-0
GetFileAttributesW
FindFirstFileW
DeleteFileW
FindClose
FindNextFileW
SetEndOfFile
SetFilePointerEx
CreateFileW
GetFileSizeEx
GetLongPathNameW
GetFinalPathNameByHandleW
GetDriveTypeW
api-ms-win-core-fibers-l1-1-1
IsThreadAFiber
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
CryptFindOIDInfo
CryptMsgGetParam
CryptProtectData
CryptUnprotectData
CertGetNameStringW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
GetTokenInformation
GetLengthSid
RevertToSelf
CopySid
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-path-l1-1-0
PathCchStripToRoot
PathAllocCombine
PathCchRemoveFileSpec
PathCchFindExtension
PathAllocCanonicalize
PathCchIsRoot
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
ws2_32
htons
ntohs
api-ms-win-core-registry-l1-1-0
RegOpenCurrentUser
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-winrt-robuffer-l1-1-0
RoGetBufferMarshaler
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-rtcore-ntuser-window-l1-1-0
AllowSetForegroundWindow
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-core-url-l1-1-0
PathIsURLW
urlmon
CoInternetCreateSecurityManager
api-ms-win-appmodel-runtime-l1-1-0
GetPackagesByPackageFamily
GetPackageFullName
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTGetSignatureInfo
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 778KB - Virtual size: 785KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ