f0d8fa3db3127abcded89abbf13f8d3c0071169618a0340570aa9b389034f176

Sharing

Copy URL

Twitter E-mail

General

Target

f0d8fa3db3127abcded89abbf13f8d3c0071169618a0340570aa9b389034f176
Size

700KB
MD5

a3f150cec06c4434460ef680417af1ac
SHA1

a32958417d97509be368cc48bab8d9a1c8a9050d
SHA256

f0d8fa3db3127abcded89abbf13f8d3c0071169618a0340570aa9b389034f176
SHA512

b7354b772dbc6c137d35aca2e9094e013d05a624a1a71f4b169edfb07e4212369ef9fd78f23d996ec2c2b3a1e4a4fd158b5e60e347a9ccba35e07cba97e64c80
SSDEEP

12288:PpatAdcuir6DuAstdFwBgHaaRRZbv4XqTC6Ri3JRFrt6rd6F1tuuuuuuYGpK7bA+:Bat2cuir6K7tdFJlbv2qTD0bFrBFbuuD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0d8fa3db3127abcded89abbf13f8d3c0071169618a0340570aa9b389034f176

Files

f0d8fa3db3127abcded89abbf13f8d3c0071169618a0340570aa9b389034f176
.dll regsvr32 windows:6 windows x64 arch:x64

cde58fce40f87c23200e157b080e8947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\ExplorerPatcher\ExplorerPatcher\build\Release\x64\ExplorerPatcher.amd64.pdb

Imports

kernel32

OpenMutexW
AllocConsole
lstrcmpW
VirtualQuery
LoadLibraryExW
HeapFree
FormatMessageW
OutputDebugStringW
HeapAlloc
GetProcessHeap
DebugBreak
IsDebuggerPresent
GetLocaleInfoW
GetUserPreferredUILanguages
SetThreadPreferredUILanguages
DuplicateHandle
QueueUserAPC
WaitForMultipleObjects
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
RaiseException
CreateMutexExW
ReadFile
LocalAlloc
CreateFileW
GetFileSize
GetSystemDirectoryA
GetWindowsDirectoryA
CreateDirectoryA
GetThreadUILanguage
FreeResource
MultiByteToWideChar
DeleteFileW
SwitchToThread
GetExitCodeProcess
GetFileSizeEx
K32GetProcessImageFileNameW
K32EnumProcesses
GetProcessTimes
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TrySubmitThreadpoolCallback
RtlUnwind
WriteConsoleW
MapViewOfFile
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetEndOfFile
SetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
GetStdHandle
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
GetModuleHandleExA
FlushInstructionCache
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileMappingW
QueryFullProcessImageNameW
lstrcpyW
GetThreadId
GetWindowsDirectoryW
GetCurrentDirectoryW
FindResourceW
LoadResource
K32GetModuleInformation
GetSystemInfo
FreeConsole
Process32FirstW
DeleteFileA
LockResource
DisableThreadLibraryCalls
CreateFileA
Process32NextW
GetTickCount64
CreateToolhelp32Snapshot
GetModuleHandleA
UnmapViewOfFile
IsBadCodePtr
FreeLibraryAndExitThread
FindClose
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
VirtualAlloc
GetModuleHandleExW
GetCurrentProcess
VirtualFree
EnterCriticalSection
SetLastError
VirtualProtect
FindFirstFileA
FindFirstFileW
TryEnterCriticalSection
SizeofResource
CreateDirectoryW
CreateProcessW
MulDiv
GetTickCount
QueryPerformanceCounter
ResetEvent
CreateThread
QueryPerformanceFrequency
SetEvent
Sleep
GetCurrentThreadId
WaitForSingleObject
CompareStringOrdinal
CreateWaitableTimerW
SetWaitableTimer
lstrcmpiW
GetSystemTimeAsFileTime
CompareFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameA
GetLastError
CreateEventW
GetModuleHandleW
GetSystemDirectoryW
K32GetModuleFileNameExW
FormatMessageA
GetCurrentProcessId
LocalFree
CloseHandle
GetCurrentThread
OpenProcess
RtlCaptureContext
HeapSize

user32

CreatePopupMenu
TrackPopupMenu
RegisterClassW
DestroyMenu
InsertMenuW
wsprintfW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
GetMessageW
SetCursorPos
GetAncestor
GetDpiForSystem
PtInRect
CascadeWindows
GetParent
SystemParametersInfoForDpi
PostThreadMessageW
TrackPopupMenuEx
GetSystemMetricsForDpi
SetWindowLongW
SetWindowsHookExW
EnumThreadWindows
SetPropW
SendNotifyMessageW
UnhookWindowsHookEx
GetSysColor
GetDoubleClickTime
GetMenuItemInfoW
SendMessageCallbackW
KillTimer
DrawIconEx
IsHungAppWindow
DestroyIcon
SetTimer
DrawIcon
GetWindowLongPtrW
GetDpiForWindow
MoveWindow
SendMessageW
RemoveMenu
CopyIcon
GetPropW
CharLowerW
GetWindowThreadProcessId
GetMenuItemCount
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
GetWindowTextW
RegisterWindowMessageW
SystemParametersInfoW
GetDesktopWindow
DrawTextW
FindWindowW
IsRectEmpty
EnumWindows
IsWindow
LoadStringW
GetShellWindow
IsWindowVisible
SendMessageTimeoutW
GetWindowRect
FindWindowExW
GetWindow
GetClassWord
GetLastActivePopup
GetWindowLongW
EndPaint
BeginPaint
MapWindowPoints
WindowFromDC
EnumPropsA
SetMenuItemInfoW
ClientToScreen
InSendMessage
GetSubMenu
TileWindows
WindowFromPoint
GetSystemMetrics
RemovePropW
CallNextHookEx
DeleteMenu
ModifyMenuW
GetCursorPos
ReleaseDC
InvalidateRect
SetForegroundWindow
UnhookWinEvent
SetWinEventHook
PostQuitMessage
SetRect
UpdateLayeredWindow
GetClientRect
GetClassNameW
LoadCursorW
GetForegroundWindow
RegisterHotKey
LoadKeyboardLayoutW
SwitchToThisWindow
MapVirtualKeyExW
RedrawWindow
GetAsyncKeyState
ShowWindow
GetThreadDesktop
SetThreadDesktop
UnregisterHotKey
GetKeyState
RegisterShellHookWindow
EndTask
PostMessageW
MapVirtualKeyW
MonitorFromPoint
DestroyWindow
GetDC
SetWindowPos
SetWindowLongPtrW
EnumDisplayMonitors
CreateWindowExW
UnregisterClassW
SetWindowTextW
NotifyWinEvent
RegisterClassExW
SetWindowRgn
MonitorFromRect
MessageBoxW
InsertMenuItemW
SetProcessDpiAwarenessContext
GetMessagePos
TranslateMessage
LoadMenuW
GetIconInfo

gdi32

GetBkColor
GetTextColor
GetStockObject
CreateFontIndirectW
GdiAlphaBlend
CreateSolidBrush
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchDIBits
GetDIBits
DeleteDC
GetObjectW
DeleteObject

advapi32

RegDeleteValueW
CryptAcquireContextW
SetEntriesInAclW
RegQueryValueW
CopySid
CryptCreateHash
CryptHashData
CryptDestroyHash
InitializeSecurityDescriptor
GetLengthSid
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyW
CheckTokenMembership
RegCopyTreeW
FreeSid
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegDeleteKeyValueW
AllocateAndInitializeSid
RegDeleteKeyExW
RegSetKeyValueW
RegSetValueExA
SetSecurityDescriptorDacl

shell32

SHGetFileInfoW
ExtractIconW
SHGetPropertyStoreForWindow
SHCreateItemFromParsingName
ord85
SHChangeNotify
ShellExecuteW
ord526
SHAppBarMessage
SHGetFolderPathW
SHBindToObject
ShellExecuteExW
SHGetFolderPathA
ord680
SHBindToParent
SHParseDisplayName
SHCreateItemInKnownFolder

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

GetErrorInfo
VariantClear
SysStringLen
SetErrorInfo
SysFreeString
SysAllocString
VariantInit

dbghelp

ImageDirectoryEntryToDataEx
SymGetOptions
SymLoadModuleEx
SymGetSymFromAddr64
SymGetModuleInfo64
SymGetLineFromAddr64
SymUnloadModule64
SymInitialize
SymCleanup
SymEnumSymbols
SymGetModuleBase64
SymFunctionTableAccess64
SymInitializeW
SymGetLineFromAddrW64
StackWalk64
SymSetOptions

uxtheme

DrawThemeTextEx
BufferedPaintInit
OpenThemeData
BufferedPaintUnInit
DrawThemeBackground
BeginBufferedPaint
SetWindowThemeAttribute
GetThemeMetric
OpenThemeDataForDpi
IsThemeActive
EndBufferedPaint
CloseThemeData
GetThemeMargins

shlwapi

ord16
PathRemoveExtensionW
PathUnquoteSpacesW
PathStripPathW
ord487
StrFormatByteSizeW
PathFileExistsW
ord219
ord437
PathRemoveFileSpecA
ord176
SHGetValueW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

dwmapi

DwmUpdateThumbnailProperties
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmExtendFrameIntoClientArea
DwmRegisterThumbnail
DwmQueryThumbnailSourceSize
DwmUnregisterThumbnail
DwmSetWindowAttribute

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ord334
ord339
ord336
ord335
ord338
ord329
ord386
ord328
ord413
ord410
ord412

gdiplus

GdipBitmapLockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusShutdown
GdipGetImageHeight
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipCreateBitmapFromHICON
GdiplusStartup

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

psapi

GetMappedFileNameA

propsys

VariantToBuffer

wininet

HttpOpenRequestA
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
HttpQueryInfoA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle

version

VerQueryValueW

userenv

DeriveAppContainerSidFromAppContainerName

rstrtmgr

RmRegisterResources
RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRestart

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind

oleacc

AccessibleObjectFromWindow
AccessibleChildren

Exports

Exports

ApplyCompatResolutionQuirking
CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDeclareAdapterRemovalSupport
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FindTaskbarLayoutTokenByHMONITOR
PIXBeginCapture
PIXEndCapture
PIXGetCaptureState
SetAppCompatStringPointer
UpdateHMDEmulationStatus
ZZGUI
ZZLaunchExplorer
ZZLaunchExplorerDelayed
ZZRestartExplorer
explorer_CoCreateInstanceHook
sws_WindowSwitcher_Clear
sws_WindowSwitcher_Initialize
sws_WindowSwitcher_RunMessageQueue

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cde58fce40f87c23200e157b080e8947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

uxtheme

shlwapi

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

dwmapi

comctl32

gdiplus

api-ms-win-shcore-scaling-l1-1-1

psapi

propsys

wininet

version

userenv

rstrtmgr

ntdll

oleacc

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 431KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 56KB - Virtual size: 64KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 431KB - Virtual size: 431KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 56KB - Virtual size: 64KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB