Procmon64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Procmon64.exe
Size

2.0MB
MD5

223b222ce387a7f446d49a1ee9b572bb
SHA1

8ed888a02861142e5eb576385568c2ba0ddd8589
SHA256

3e15995894f38b2eead95f7ff714585471f34f3af3d8f50a7f83344781502468
SHA512

037b4787af5fb129a3b1e0ac9565e59d5a55ef26ccf93bc9adf685c08422071ee0d0eb4667cd2ce0d725c7dea0209c1d7d48baf58cd18dfb58de35bf7feef1a2
SSDEEP

49152:LNvhM6qHJfTJb5lmzSzko22LGywmtG6tlp0NjCw6IxKX:ElmzSzko2zjCf9

Score

1^/10

Malware Config

Signatures

Files

Procmon64.exe
.exe windows:6 windows x64 arch:x64

bdafb39cfee2e23fe0c8ae87ef4f1ea1

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:fb:8d:ae:04:e3:1f:d8:30:cc:60:24:3e:fc:ca:56:63:00:94:98:9d:c7:00:2f:19:31:fa:56:db:30:2f:3e
Signer

Actual PE Digest

ad:fb:8d:ae:04:e3:1f:d8:30:cc:60:24:3e:fc:ca:56:63:00:94:98:9d:c7:00:2f:19:31:fa:56:db:30:2f:3e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\__w\1\s\exe\x64\Release\Procmon64.pdb

Imports

ws2_32

recv
listen
getsockname
send
socket
connect
WSAGetLastError
ntohs
WSAStartup
htonl
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
closesocket
htons
bind
accept
gethostbyname
WSASetLastError

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_Create

fltlib

FilterSendMessage
FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetSystemInfo
VerSetConditionMask
RaiseException
GetCurrentThreadId
VerifyVersionInfoW
GlobalAddAtomW
EnumResourceNamesW
SetCurrentDirectoryW
CreateProcessW
OpenProcess
CompareStringW
GetLocaleInfoW
VirtualQuery
lstrcmpW
lstrcmpiW
MultiByteToWideChar
GetFileSize
SetEndOfFile
SetFilePointer
TryEnterCriticalSection
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToLocalFileTime
LocalFileTimeToFileTime
ReadFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
ExitProcess
SetThreadPriority
GetComputerNameA
GetFileAttributesExW
DecodePointer
GetCurrentProcessId
SetProcessShutdownParameters
VirtualFree
GetComputerNameW
SetConsoleCtrlHandler
OpenThread
GetThreadContext
GetSystemDirectoryA
TrySubmitThreadpoolCallback
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
IsWow64Process
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
LCMapStringEx
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetConsoleCP
VirtualProtect
ExitThread
FreeLibraryAndExitThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetSystemDirectoryW
GetCurrentProcess
SetFileAttributesW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
Sleep
WaitForSingleObject
FreeResource
GlobalMemoryStatusEx
GetFullPathNameW
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
ReleaseSRWLockShared
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFileAttributesW
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
HeapCreate
IsValidLocale

user32

DispatchMessageW
PeekMessageW
GetMessagePos
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
CheckRadioButton
CharLowerW
CreatePopupMenu
RemoveMenu
InsertMenuItemW
SetRectEmpty
ChildWindowFromPoint
SetWindowTextA
EnumChildWindows
UnionRect
DrawFrameControl
IsDialogMessageW
CheckMenuRadioItem
SetRect
WindowFromPoint
ClientToScreen
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
SetCapture
GetCapture
SetFocus
GetDlgCtrlID
SetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClassInfoExW
RegisterClassExW
TrackMouseEvent
MonitorFromPoint
MapWindowPoints
GetCursor
GetCursorPos
GetFocus
LoadStringW
LoadIconW
MessageBeep
GetPropW
SetPropW
SetActiveWindow
UnregisterClassW
GetDesktopWindow
DialogBoxParamW
GetWindow
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
TranslateMessage
IsWindow
GetWindowRect
SetDlgItemTextW
SetMenuInfo
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
GetParent
SetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
GetClientRect
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
SetScrollPos
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetMessageW
DrawEdge
LoadStringA
FlashWindowEx
EqualRect
GetClassLongPtrW
IntersectRect
ScrollWindowEx
ValidateRect
GetUpdateRgn
GetUpdateRect
GetKeyState
CreateIconIndirect
GetDC
UpdateWindow
DrawTextW
GetSystemMetrics
IsWindowEnabled
KillTimer
SetTimer
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
GetMenuInfo
TrackPopupMenuEx
ModifyMenuW
InsertMenuW
GetMenuStringW
SetMenu
GetMenu
CharNextW
IsMenu
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetForegroundWindow
IsIconic
WaitForInputIdle
CreateIconFromResourceEx
GetDlgItemInt
DestroyWindow
GetForegroundWindow
IsChild
CreateWindowExW
CallWindowProcW
DefWindowProcW
PostMessageW
GetIconInfo
DrawIconEx
LoadImageW
GetSysColor
SetMenuItemInfoW
DestroyMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
GetActiveWindow
RegisterWindowMessageW
GetAncestor
GetAsyncKeyState
MessageBoxW

gdi32

CreateBitmapIndirect
GetDIBits
CreateRectRgn
CreateRectRgnIndirect
GetBkMode
RectInRegion
GdiFlush
CreatePatternBrush
ExcludeClipRect
GetPixel
PatBlt
SetPixel
SetBrushOrgEx
RestoreDC
SaveDC
SetROP2
GetTextMetricsW
CreateFontW
GetObjectW
GetBitmapBits
GetBkColor
CreateDIBSection
Polyline
CreateBitmap
SelectClipRgn
GetCurrentObject
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetBkMode
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateSolidBrush
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
EndPage
StartPage
EndDoc
StartDocW
Polygon
GetDeviceCaps
SetMapMode

comdlg32

GetSaveFileNameW
ChooseColorW
ChooseFontW
FindTextW
GetOpenFileNameW
PrintDlgW

advapi32

ConvertStringSidToSidW
ConvertSidToStringSidW
RegSetValueW
RegEnumKeyW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

shell32

SHGetSpecialFolderLocation
ExtractIconExW
SHGetPathFromIDListW
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
SHGetMalloc
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

ole32

OleInitialize
ReleaseStgMedium
CreateBindCtx
CoInitializeEx
RegisterDragDrop
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
OleUninitialize

oleaut32

SysAllocStringLen
VariantTimeToSystemTime
VarUI4FromStr
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysStringLen
SysFreeString
SysAllocString

shlwapi

SHAutoComplete

uxtheme

IsCompositionActive
IsThemeActive
SetWindowTheme
IsAppThemed

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

ntdll

RtlGetVersion
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdafb39cfee2e23fe0c8ae87ef4f1ea1

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ad:fb:8d:ae:04:e3:1f:d8:30:cc:60:24:3e:fc:ca:56:63:00:94:98:9d:c7:00:2f:19:31:fa:56:db:30:2f:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

version

comctl32

fltlib

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

uxtheme

dwmapi

ntdll

Sections

.text Size: 956KB - Virtual size: 956KB

.rdata Size: 306KB - Virtual size: 305KB

.data Size: 30KB - Virtual size: 107KB

.pdata Size: 37KB - Virtual size: 36KB

_RDATA Size: 1024B - Virtual size: 640B

.rsrc Size: 745KB - Virtual size: 744KB

.reloc Size: 6KB - Virtual size: 5KB

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ad:fb:8d:ae:04:e3:1f:d8:30:cc:60:24:3e:fc:ca:56:63:00:94:98:9d:c7:00:2f:19:31:fa:56:db:30:2f:3e
Signer

.text
Size: 956KB - Virtual size: 956KB

.rdata
Size: 306KB - Virtual size: 305KB

.data
Size: 30KB - Virtual size: 107KB

.pdata
Size: 37KB - Virtual size: 36KB

_RDATA
Size: 1024B - Virtual size: 640B

.rsrc
Size: 745KB - Virtual size: 744KB

.reloc
Size: 6KB - Virtual size: 5KB