CHXSmartScreen[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CHXSmartScreen.exe
Size

340KB
MD5

175b561ab02bec7bff22cf1f3f23a49e
SHA1

fc3b50b0e1b37cd835c21ffa54d7654cc0a18e01
SHA256

1b201e1feb7a3960476b2b729af19cb1ae018f2421cdc81aa32d8f41a6da1f35
SHA512

7aceec0560236b5643f6b2ab20a34790b1c8fef18576371e37b3fce28feafbb2c79bfc8c93c5d64f5145d18228073c1976f3a1038e709881124e0c4bf0436b71
SSDEEP

6144:Vx+kGlHVVzJLrejrQOHuNpXDbATf/parWarpcScl77:Vx+kGlHVVz5cJ88TfBarrNcZ

Score

1^/10

Malware Config

Signatures

Files

CHXSmartScreen.exe
.exe windows:10 windows x64 arch:x64

abe0efb92844b957d9564237d66f9ff0

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:a7:4b:77:99:9e:c2:d4:d5:01:8e:56:f4:4d:52:35:c0:78:34:d3:b2:2c:f0:50:bb:5f:8e:f2:b7:09:b5:cc
Signer

Actual PE Digest

a1:a7:4b:77:99:9e:c2:d4:d5:01:8e:56:f4:4d:52:35:c0:78:34:d3:b2:2c:f0:50:bb:5f:8e:f2:b7:09:b5:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

CHXSmartScreen.pdb

Imports

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ResetEvent
DeleteCriticalSection
ReleaseSRWLockShared
WaitForSingleObjectEx
SetEvent
AcquireSRWLockShared
CreateEventExA
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoGetObjectContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-handle-l1-1-0

CloseHandle

wincorlib

?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_FailFast@@YAXXZ
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z

msvcrt

_commode
_fmode
_acmdln
__setusermatherr
__CxxFrameHandler4
_purecall
??3@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
sprintf_s
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
free
??_V@YAXPEAX@Z
localeconv
strcspn
??0exception@@QEAA@XZ
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrRethrow
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsrchr
_errno
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??0exception@@QEAA@AEBQEBDH@Z
malloc
_callnewh
__uncaught_exception
setlocale
_lock
_unlock
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
wcslen
??1type_info@@UEAA@XZ
__dllonexit
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
_initterm
__getmainargs
__set_app_type
exit
_exit
_cexit
pow

api-ms-win-core-winrt-error-l1-1-0

RoFailFastWithErrorContext
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
VSDesignerDllMain

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe0efb92844b957d9564237d66f9ff0

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a1:a7:4b:77:99:9e:c2:d4:d5:01:8e:56:f4:4d:52:35:c0:78:34:d3:b2:2c:f0:50:bb:5f:8e:f2:b7:09:b5:ccSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

wincorlib

msvcrt

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 18KB - Virtual size: 20KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a1:a7:4b:77:99:9e:c2:d4:d5:01:8e:56:f4:4d:52:35:c0:78:34:d3:b2:2c:f0:50:bb:5f:8e:f2:b7:09:b5:cc
Signer

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 18KB - Virtual size: 20KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB