5ca30caded82178eb25be7fa9394d112cfcac383fd0f34acee168f63a0e6c208

Sharing

Copy URL Twitter E-mail

General

Target

5ca30caded82178eb25be7fa9394d112cfcac383fd0f34acee168f63a0e6c208
Size

238KB
MD5

873d3bcf1916564f63345b56dbb9bc42
SHA1

4b6277e83c50d2478ec9987e85100e458e8bcf00
SHA256

5ca30caded82178eb25be7fa9394d112cfcac383fd0f34acee168f63a0e6c208
SHA512

7352eb1539269ff1a8dad851688d81d6065213901350a51e9f646010257eacca21dbe4ea20798f9dae4474aee7e101d41eb56e1e0d4dd5848fa678cfc54c3f17
SSDEEP

3072:1qcMoojSlXgFekCJIwy/y0pb6kMNa4zj7Y99ox3+C+TS9eEXB9aesBlknjkoUp1:1ZojSlXcXCC360tTMgS+qGlkn4oy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ca30caded82178eb25be7fa9394d112cfcac383fd0f34acee168f63a0e6c208

Files

5ca30caded82178eb25be7fa9394d112cfcac383fd0f34acee168f63a0e6c208
.dll regsvr32 windows:6 windows x64 arch:x64

9edb1f24b2cab24678beec845119ee20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\ExplorerPatcher\ExplorerPatcher\build\Release\ep_weather_host.pdb

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions

kernel32

LocalAlloc
OpenEventW
ReleaseMutex
FreeResource
CreateEventW
Sleep
SetEvent
LockResource
CloseHandle
LoadLibraryW
CreateThread
LoadResource
FindResourceW
GetLocalTime
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
AllocConsole
MulDiv
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WaitForSingleObject
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
HeapFree
HeapAlloc
CreateMutexW
CompareStringOrdinal
GetCurrentProcess
TerminateProcess
SetLastError
SizeofResource
CreateDirectoryW
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameW
WriteConsoleW
WideCharToMultiByte
GetModuleHandleExW
SetStdHandle
SetEndOfFile
ReadConsoleW
ReadFile
HeapReAlloc
HeapSize
ExitProcess
CreateFileW
RtlPcToFileHeader
RaiseException
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EncodePointer
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

EndPaint
BeginPaint
GetWindowLongW
DefWindowProcW
PostMessageW
SetProcessDpiAwarenessContext
DestroyWindow
IsWindowVisible
SetWindowPos
MessageBoxW
GetDpiForWindow
AdjustWindowRectExForDpi
SetWindowLongPtrW
CreateWindowExW
SendMessageW
MsgWaitForMultipleObjects
GetWindowLongPtrW
ShowWindow
DispatchMessageW
SetTimer
PeekMessageW
RegisterClassW
GetForegroundWindow
SetPropW
TranslateMessage
FindWindowW
LoadCursorW
SetWindowLongW
GetClientRect
SetRect
KillTimer
PostQuitMessage
SystemParametersInfoW
InvalidateRect
GetAncestor

gdi32

SetBkColor
ExtTextOutW
GetStockObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyW
RegNotifyChangeKeyValue

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree

version

VerQueryValueW

shlwapi

ord16

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

uxtheme

IsThemeActive

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9edb1f24b2cab24678beec845119ee20

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

webview2loader

kernel32

user32

gdi32

advapi32

shell32

ole32

version

shlwapi

dwmapi

uxtheme

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 7KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 7KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB