HelpPane[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HelpPane.exe
Size

1.0MB
MD5

4a9573a9d2a84c6efaf72c2a5d1c8c62
SHA1

610ea7d1dd25b47827d8207f66edc1f3c1a7563c
SHA256

6cc65ef8efd9b6fdea33278c9380b8cac2ec84d4291cc2de8fcebb5af0fda31f
SHA512

f59e127dd389970f2d4b39c92e11ccbb4628b9c854aa93dd4e8ced6820e87ac91d7ade07d3a2d1ea3cb01af98c75dcd97aead6ff66c5eb3b09dcc326f648a59f
SSDEEP

24576:4cwT4hChro4yaheh72Ht0RP8PsscUnLY:nwT4hChro6ehWeRuuOLY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HelpPane.exe

Files

HelpPane.exe
.exe windows:10 windows x64 arch:x64

25bd8cfe71808f06ece80231211e68cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

helppane.pdb

Imports

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
EqualSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetSidLengthRequired
InitializeSid
IsValidSid
GetSidSubAuthority
GetLengthSid
CopySid
SetEntriesInAclW

kernel32

LocalFree
CloseHandle
GetLastError
WaitForSingleObject
SetEvent
GetQueuedCompletionStatus
ResetEvent
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
CreateEventW
ProcessIdToSessionId
GetCurrentProcessId
GetExitCodeThread
TerminateThread
LoadLibraryExW
lstrcmpiW
CreateMutexW
GetSystemDirectoryW
SetCurrentDirectoryW
HeapSetInformation
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LockResource
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateThreadpoolTimer
GetFileAttributesW
InitOnceComplete
InitOnceBeginInitialize
GetPackagesByPackageFamily
GetCurrentThread
CompareStringW
CreateMutexExW
CreateSemaphoreExW
CreateThread
ResumeThread
MulDiv
WaitForMultipleObjects
GetCurrentProcess
LocalAlloc
GlobalFree
GlobalAlloc
GetVersionExW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
RaiseException
GetCurrentThreadId
SetLastError
GetModuleFileNameW
InitializeCriticalSection
ExpandEnvironmentStringsW
FindResourceExW
OutputDebugStringW
GetProcAddress
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
SizeofResource
ReleaseSemaphore

gdi32

GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
GetObjectW
SetTextColor
SetBkMode
DeleteObject

user32

IsIconic
GetWindowPlacement
MonitorFromRect
GetMonitorInfoW
GetWindowRect
MonitorFromPoint
GetProcessDefaultLayout
GetDC
ReleaseDC
ShowWindow
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
EndDialog
BringWindowToTop
SetDlgItemTextW
GetDlgItemTextW
UnregisterClassA
SetCursor
LockWindowUpdate
PostQuitMessage
LoadCursorW
SystemParametersInfoW
DestroyIcon
GetSystemMetrics
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
CharNextW
PostMessageW
KillTimer
SetTimer
MessageBoxW
SetActiveWindow
GetKeyState
SetWindowTextW
DestroyMenu
DialogBoxParamW
TrackPopupMenuEx
ClientToScreen
EnableMenuItem
CheckMenuRadioItem
InvalidateRect
GetParent
LoadMenuW
GetSubMenu
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
CreateWindowExW
SetFocus
IsWindowVisible
IsWindowEnabled
MoveWindow
AdjustWindowRectEx
GetMenu
GetWindowLongW
SetWindowPos
GetSysColorBrush
GetSysColor
IsZoomed
GetClientRect
SendMessageW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__cexit
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wtoi
_o_abort
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcschr
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove

comctl32

ord344
ord380
ImageList_LoadImageW
InitCommonControlsEx
ord345
ImageList_Destroy

ole32

CoUninitialize
CoTaskMemAlloc
CoGetMalloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
OleInitialize
CoInitializeSecurity
PropVariantClear
CoResumeClassObjects
CoRevokeClassObject
OleUninitialize
CoImpersonateClient
CoCreateInstance
CoRevertToSelf
CoRegisterClassObject

oleaut32

DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
LoadTypeLibEx
VarBstrCat
SetErrorInfo
GetErrorInfo
VariantCopy

shell32

ShellExecuteW
SHGetPropertyStoreForWindow

shlwapi

ord2
SHStrDupW
SHRegGetValueW
ord176
SHGetValueW
UrlUnescapeW
UrlEscapeW

ntdll

NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
FlushInstructionCache
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
OpenEventW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

FreeSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25bd8cfe71808f06ece80231211e68cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

comctl32

ole32

oleaut32

shell32

shlwapi

ntdll

api-ms-win-core-path-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-localization-l1-2-0

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 16KB - Virtual size: 19KB

.pdata Size: 16KB - Virtual size: 15KB

.didat Size: 4KB - Virtual size: 112B

.rsrc Size: 524KB - Virtual size: 523KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 16KB - Virtual size: 19KB

.pdata
Size: 16KB - Virtual size: 15KB

.didat
Size: 4KB - Virtual size: 112B

.rsrc
Size: 524KB - Virtual size: 523KB

.reloc
Size: 4KB - Virtual size: 2KB