explorer[.]exe

Resubmissions

23/08/2024, 13:21

240823-ql6evswdng 1

23/08/2024, 13:17

23/08/2024, 13:13

23/08/2024, 13:10

23/08/2024, 13:07

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe
Size

5.5MB
MD5

b7579f1938eaa496668c8fe82277419c
SHA1

f2b5e530b453a69cf23f2166e48bcf5749a9429a
SHA256

b945673c4465044470b6a604241df28e4511d2befb5daf8e2bbbe657f750d0fc
SHA512

fd51de1c84e2200c3294783691bbcd13be20ec42961275995630eaf3643a029451fb009a18ef874e591a39634aadb9923b05948b11d1e0c650a9f964f934a841
SSDEEP

49152:mtsjJXZ119EUDGAQCHw5+CXz8qokOIBFurhcptwQn8kXRUTIo5kQD1D/xg1CvaCx:nJ83nAk+tS8D/vg60w8a0cD5r

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows:10 windows x64 arch:x64

c74562c2366bab3ddf060be66964c310

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:40:36:58:d5:c8:5e:7a:4c:f1:e2:a4:58:88:a7:ee:06:75:6f:f1:b8:69:96:b6:e2:ad:3e:16:b1:44:f2:63
Signer

Actual PE Digest

82:40:36:58:d5:c8:5e:7a:4c:f1:e2:a4:58:88:a7:ee:06:75:6f:f1:b8:69:96:b6:e2:ad:3e:16:b1:44:f2:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

explorer.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
_Mtx_init_in_situ
_Xtime_get_ticks
_Mtx_destroy_in_situ
_Mtx_unlock
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_set_error_mode

api-ms-win-crt-string-l1-1-0

_wcsrev
wcsncpy
wcscspn
strncmp
memset
wcscmp
wcsncmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-private-l1-1-0

_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_roundf
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
__C_specific_handler
__CxxFrameHandler3
_o_iswalnum
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o_free
_o__purecall
_o__mktime64
_o_floor
memmove
_o_exit
_o_ceil
_o_bsearch
_o__wtoi
_o__wcsnicmp
_o__wcsicmp
_o__localtime64
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

CreateJobObjectW
QueryInformationJobObject
AssignProcessToJobObject
SetInformationJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW
HashData

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx

ntdll

RtlGetVersion
RtlInitString
wcsspn
RtlQueryResourcePolicy
NtOpenThreadToken
ZwQuerySystemInformation
RtlInitUnicodeString
RtlUpcaseUnicodeChar
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlFormatCurrentUserKeyPath
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
wcschr
RtlGetNativeSystemInformation
wcsrchr
strchr
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
NtQueryWnfStateData
ZwQueryValueKey
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlNtStatusToDosError
RtlCaptureContext
ZwOpenKey
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
ZwClose
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlIsStateSeparationEnabled
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
NtSetThreadExecutionState
VerSetConditionMask
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
LoadLibraryExW
LoadStringW
LoadResource
FindResourceExW
GetModuleFileNameA
SizeofResource
GetModuleHandleA
GetModuleHandleExW
FreeLibrary
LockResource

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
TryAcquireSRWLockExclusive
CreateMutexW
OpenEventW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
TryEnterCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateEventExW
SetEvent
CreateEventW
SleepEx
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateSemaphoreExW
InitializeCriticalSection
InitializeSRWLock
OpenMutexW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesExW
GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
WriteFile
CompareFileTime
CreateFileW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventEnabled
EventRegister
EventSetInformation
EventWrite
EventActivityIdControl
EventProviderEnabled
EventUnregister

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegDeleteTreeW
RegEnumValueW
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegSetKeySecurity
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegGetKeySecurity
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetExitCodeProcess
ExitProcess
SetProcessShutdownParameters
CreateProcessW
ProcessIdToSessionId
QueueUserAPC
OpenProcessToken
GetCurrentThread
OpenThreadToken
TerminateProcess
GetThreadPriority
GetCurrentThreadId
CreateThread
OpenThread
GetCurrentProcessId
ResumeThread
SetPriorityClass
GetPriorityClass
SetThreadPriorityBoost
GetCurrentProcess
SetThreadPriority
GetProcessId

api-ms-win-core-localization-l1-2-0

GetCalendarInfoW
GetThreadUILanguage
GetLocaleInfoEx
GetLocaleInfoW
FormatMessageW
GetUserDefaultLocaleName
GetGeoInfoW
GetUserDefaultLangID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SafeArrayDestroy
SafeArrayCreate
VariantClear
VarUI4FromStr
VariantInit
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayUnaccessData
SysStringLen
SafeArrayAccessData

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

PropVariantClear
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
IIDFromString
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoCancelCall
CoDisableCallCancellation
CoEnableCallCancellation
CoGetMalloc
CLSIDFromString
CoSetProxyBlanket
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoTaskMemRealloc
StringFromIID
StringFromGUID2
CoRevokeClassObject
CreateStreamOnHGlobal
CoRegisterClassObject
CoGetObjectContext
CoInitializeSecurity
CoGetStdMarshalEx
CoWaitForMultipleHandles
CoGetApartmentType
CoIncrementMTAUsage
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoTaskMemFree
CoCreateInstance

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW
StrStrIW
StrCmpIW
QISearch
StrCmpICA
StrRChrW
StrChrIW
StrCmpNIW
StrCmpNICW
StrCmpICW
StrChrW
StrToIntW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_GetSite
IUnknown_Set
IUnknown_QueryService

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc
GlobalFree
LocalReAlloc

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetTickCount64

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCommandLineW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineW
PathRemoveFileSpecW
PathParseIconLocationW
PathCommonPrefixW
PathGetDriveNumberW
PathRemoveBlanksW
PathFindExtensionW
PathIsFileSpecW
PathQuoteSpacesW
SHExpandEnvironmentStringsW
PathGetArgsW
PathFileExistsW
PathFindFileNameW

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
WindowsGetStringLen
WindowsCreateString
WindowsDuplicateString
WindowsPreallocateStringBuffer
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-shcore-registry-l1-1-0

SHGetValueW
SHQueryInfoKeyW
SHEnumKeyExW
SHSetValueW
SHDeleteKeyW
SHRegGetValueW
SHDeleteValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread
SHCreateThreadRef
SHGetThreadRef
SHSetThreadRef
SetProcessReference

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
GetAclInformation
GetAce
DeleteAce
InitializeAcl
GetLengthSid
IsValidSid
MakeAbsoluteSD
CheckTokenMembership
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
EqualSid
CreateWellKnownSid
FreeSid
SetKernelObjectSecurity
DuplicateToken
AddAce

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateError
RoTransformError
RoFailFastWithErrorContext

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchCombine
PathCchAddExtension
PathCchRemoveFileSpec

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-memory-l1-1-0

VirtualProtect
UnmapViewOfFile
CreateFileMappingW
VirtualAlloc
OpenFileMappingW
MapViewOfFile
VirtualFree

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
IStream_Reset
SHOpenRegStream2W
IStream_Read
SHCreateMemStream
IStream_Write
SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode
GetProductInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus
GetComputerNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

iphlpapi

GetNetworkConnectivityHint

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
PowerDeterminePlatformRoleEx
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord165
ord292
SHIsChildOrSelf
ord478
ShellMessageBoxW
AssocQueryStringW
ord509
SHCreateWorkerWindowW
ord635
ord479
ord279
PathRemoveArgsW
IUnknown_GetWindow
ord544
SHPinDllOfCLSID
StrRetToStrW
ord481
StrRetToBufW
ord197

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
EnumDisplayMonitors
GetDisplayConfigBufferSizes
QueryDisplayConfig
EnumDisplayDevicesW
SystemParametersInfoW
GetMonitorInfoW

api-ms-win-ntuser-rectangle-l1-1-0

SetRect
InflateRect
IntersectRect
OffsetRect
SetRectEmpty
SubtractRect
CopyRect
PtInRect
EqualRect
IsRectEmpty
UnionRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
UnhookWinEvent
NotifyWinEvent

api-ms-win-shell-namespace-l1-1-0

ILClone
ILFindLastID
ILCombine
ILFree
SHBindToParent
SHGetIDListFromObject
SHParseDisplayName
ILGetSize
ILIsParent
SHBindToFolderIDListParent
SHGetNameFromIDList
SHCreateItemFromIDList
ILRemoveLastID
SHBindToObject
SHCreateItemFromParsingName
ILCloneFirst
ILIsEqual

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetCurrentInputMessageSource
GetPointerDevices
EnableMouseInPointer
GetPointerType
GetPointerInfo

api-ms-win-storage-exports-internal-l1-1-0

SHGetFolderPathEx
SHGetKnownFolderIDList
GetThreadFlags
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName
GetPackagesByPackageFamily

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

propsys

PSCreateMemoryPropertyStore
PropVariantToBoolean
PSGetPropertyFromPropertyStorage
InitVariantFromResource
PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc
InitVariantFromGUIDAsString

coremessaging

CreateDispatcherQueueController

urlmon

URLOpenBlockingStreamW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

StretchBlt
ExcludeClipRect
SetStretchBltMode
Rectangle
SelectClipRgn
GetClipRgn
GetOutlineTextMetricsW
GetCurrentObject
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
CombineRgn
GetStockObject
DeleteObject
ExtTextOutW
GetObjectW
DeleteDC
CreateCompatibleDC
SelectObject
GetClipBox
CreateFontIndirectW
SetTextColor
SetTextAlign
GetTextMetricsW

kernel32

IsBadWritePtr

rpcrt4

RpcBindingFree
NdrClientCall3
RpcStringFreeW
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW

wininet

InternetCrackUrlW

shcore

ord192
ord1
ord210
ord174
ord109
ord121
ord123
ord190
ord187
ord162
ord183
ord213
ord126
SHUnicodeToAnsi
ord142
ord186
ord200
ord184

shell32

ord172
ord680
ord723
ord885
ord95
ord743
ord907
ord43
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord193
ord906
ord895
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ShellExecuteW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
SHFileOperationW
ord4
SHGetPathFromIDListW
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord645
ord850
ord22
ord134
Shell_GetCachedImageIndexW

shlwapi

PathIsRelativeW
ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
AssocCreate

uxtheme

GetWindowTheme
IsAppThemed
IsCompositionActive
DrawThemeTextEx
GetThemeFont
ord86
DrawThemeBackground
DrawThemeParentBackground
GetThemeBackgroundExtent
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
ord138
CloseThemeData
BufferedPaintSetAlpha
ord126
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeColor
GetThemeMetric
SetWindowTheme
BufferedPaintInit
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint

dwmapi

ord141
ord139
DwmSetWindowAttribute
ord114
ord138
DwmRegisterThumbnail
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord113
DwmEnableBlurBehindWindow
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmIsCompositionEnabled

user32

SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
UpdateLayeredWindow
LoadAcceleratorsW
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
IsWindowUnicode
SwitchToThisWindow
GetLastActivePopup
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ExitWindowsEx
GetKeyState
LoadIconW
HungWindowFromGhostWindow
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
InjectKeyboardInput
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
GetSystemMetricsForDpi
ord2005
IsTopLevelWindow
SetCapture
GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetMenuState
DefWindowProcA
EndTask
PostThreadMessageW
UnregisterClassA
ord2521
GetLastInputInfo
UnregisterClassW
ord2522
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
AdjustWindowRect
GetCursorInfo
GetDpiForWindow
GetPhysicalCursorPos
GetClassLongW
GetClassWord
ord2573
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
GetSystemMenu
BringWindowToTop
InsertMenuW
ShowWindowAsync
ord2611
TranslateAcceleratorW
TrackMouseEvent
ModifyMenuW
GetAsyncKeyState
ReplyMessage
ChangeWindowMessageFilterEx
MonitorFromPoint
GetMenuItemInfoW
SetWindowCompositionAttribute
SetGestureConfig
GetMenuItemCount
LoadImageW
CreateIconIndirect
SetMenuItemInfoW
SetCursor
LoadCursorW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
IsIconic
MonitorFromWindow
CheckMenuItem
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
ReleaseDC
DeleteMenu
FillRect
DrawTextW
AdjustWindowRectEx
LoadMenuW
GetDC
GetSubMenu

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
VerifyVersionInfoW
PowerSetRequest

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem

api-ms-win-crt-math-l1-1-0

ceilf
floorf

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c74562c2366bab3ddf060be66964c310

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

82:40:36:58:d5:c8:5e:7a:4c:f1:e2:a4:58:88:a7:ee:06:75:6f:f1:b8:69:96:b6:e2:ad:3e:16:b1:44:f2:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

82:40:36:58:d5:c8:5e:7a:4c:f1:e2:a4:58:88:a7:ee:06:75:6f:f1:b8:69:96:b6:e2:ad:3e:16:b1:44:f2:63
Signer