InternetExplorer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

InternetExplorer.zip
Size

1.2MB
MD5

0112c2ae5a5a5085101146401b8490d6
SHA1

1e8a074010c03a7c9400a4e5b0bb5a9f0339227e
SHA256

b26388264d78ab6af6a141fd215c6e6e1b3ff68b9e0621f08a5621e1aff97aa3
SHA512

789b5fa53e0aeb642b9b571c9f7a82c1921e93176bbda254ed69be7bf425b35547a64781db6df13342b532e401ba6b4bd8e38f417aaf0379a03a640f126efa7b
SSDEEP

24576:zcPwtxXGxlGQ7EkkAgYYXGSH5kITcjc9lY/3g0bq:gcxWAkbYr5k1cXmbq

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Internet Explorer/ExtExport.exe
unpack001/Internet Explorer/IEShims.dll
unpack001/Internet Explorer/en-US/hmmapi.dll.mui
unpack001/Internet Explorer/en-US/ieinstal.exe.mui
unpack001/Internet Explorer/en-US/iexplore.exe.mui
unpack001/Internet Explorer/hmmapi.dll
unpack001/Internet Explorer/iediagcmd.exe
unpack001/Internet Explorer/ieinstal.exe
unpack001/Internet Explorer/ielowutil.exe

Files

InternetExplorer.zip
.zip
Internet Explorer/ExtExport.exe
.exe windows:10 windows x64 arch:x64

ceb6ae489e2fbafcbf5dcf1e40c176c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

extexport.pdb

Imports

advapi32

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
RegDeleteValueW
RegOpenKeyExW
RegCloseKey

kernel32

WriteFile
CreateFileW
CloseHandle
lstrcmpW
ExpandEnvironmentStringsW
FreeLibrary
IsDebuggerPresent
DebugBreak
GetProcessHeap
LocalFree
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
GetProcAddress
FormatMessageW
ReleaseMutex
LocalAlloc
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
DecodePointer
GetModuleFileNameW
CreateDirectoryW
MoveFileW
DeleteFileW
TerminateProcess
GetCurrentProcess
GetLastError
LoadLibraryExW
OutputDebugStringW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter

msvcrt

_vsnwprintf
memset
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
wcsncmp
wcschr
iswalpha
wcspbrk
memcpy_s
_wcsicmp
_itow_s
malloc
_callnewh
free
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler

ole32

CoTaskMemFree
CoTaskMemRealloc
IIDFromString

shlwapi

ord215
StrCmpNIW
PathFindFileNameW
ord158
StrStrIW
StrStrW
PathFileExistsW
StrCmpNW

user32

LoadStringW

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName

iertutil

ord672
ord675

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/IEShims.dll
.dll windows:10 windows x64 arch:x64

ee0ceaa330c81bdeacd78e489962bcf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

_wcsicmp
wcsncmp
memmove
_CxxThrowException
_vsnwprintf
wcsrchr
fputws
_wfopen
fclose
_stricmp
__C_specific_handler
calloc
_XcptFilter
_amsg_exit
_vscwprintf
wcsstr
_wcslwr
wcspbrk
wcschr
memmove_s
towlower
iswctype
wcsspn
memcpy_s
realloc
free
wcstok_s
iswspace
_wcsnicmp
malloc
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
__CxxFrameHandler4
wcscmp

kernel32

FindFirstFileW
DelayLoadFailureHook
ResolveDelayLoadedAPI
RaiseException
QueryFullProcessImageNameW
GetLogicalDriveStringsW
QueryDosDeviceW
IsWow64Process
AcquireSRWLockShared
ReleaseSRWLockShared
GetTickCount64
OpenProcess
ReleaseMutex
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
InitializeSRWLock
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
OutputDebugStringA
GetModuleHandleA
DeleteCriticalSection
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetCurrentProcessId
GetProcessId
GetLastError
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TlsGetValue
TlsAlloc
OpenEventW
WaitForSingleObjectEx
CloseHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
GetFileSizeEx
GetModuleHandleW
RaiseFailFastException
VirtualProtect
OutputDebugStringW
TlsFree
lstrcmpiW
FindNextFileW
FindClose
EnterCriticalSection
EncodePointer

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpICW
StrCmpICA
PathIsUNCW
PathSkipRootW
StrDupW
PathFindFileNameW
StrCmpNCW
StrCmpNIA
StrCmpNICW
PathGetArgsW
StrCmpCW
StrCmpIW

api-ms-win-downlevel-advapi32-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegGetValueW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord134
ord50
ord791
ord101
ord916
ord793
ord58
ord45
ord137
ord170
ord820

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_AdminCheckAndLaunch
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/SIGNUP/install.ins
Internet Explorer/en-US/hmmapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Internet Explorer/en-US/ieinstal.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Internet Explorer/en-US/iexplore.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Internet Explorer/hmmapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

92778fcf898ae2a7ad2db80bb9e09c45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hmmapi.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf
memset

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
LoadStringA
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileTime
GetFileSize
SetFileAttributesA
CreateFileA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

FormatMessageA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegDeleteKeyA

kernel32

GetShortPathNameA
lstrlenA
lstrcmpA
GetTempPathA
CompareStringA
LocalFree
MoveFileA

shell32

ShellExecuteA

shlwapi

StrChrA
PathRemoveBackslashA
PathIsPrefixA
SHGetValueA

urlmon

CreateUriFromMultiByteString

user32

MessageBoxA

wininet

GetUrlCacheConfigInfoA

Exports

Exports

AddService
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
DllRegisterServer
DllUnregisterServer
MAPIAddress
MAPIDeleteMail
MAPIDetails
MAPIFindNext
MAPIFreeBuffer
MAPILogoff
MAPILogon
MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments
MAPISendMail
MailToProtocolHandler
OpenInboxHandler
RemoveService

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/iediagcmd.exe
.exe windows:10 windows x64 arch:x64

8ad7d3f07924e8c2b7127391afd2da11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

IEDiagCmd.pdb

Imports

msvcrt

_vsnwprintf
_callnewh
malloc
?terminate@@YAXXZ
_amsg_exit
_cexit
??3@YAXPEAX@Z
memcpy
memset
_itow
_errno

kernel32

SetLastError
GetModuleHandleA
GetProcAddress
GetVersion
GetLastError
VirtualQuery
TerminateProcess
GetCurrentProcess
Sleep
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
LoadLibraryW
FreeLibrary
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
SetUnhandledExceptionFilter
QueryPerformanceCounter

mscoree

CorBindToRuntimeEx
_CorExeMain

ole32

CoCreateInstance

comctl32

ord332
ord334
ord386
ord328

oleacc

ObjectFromLresult

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen
SysAllocString

user32

RegisterWindowMessageW
SendMessageTimeoutW

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/ieinstal.exe
.exe windows:10 windows x64 arch:x64

ef8250ca4d742461186ce30c539557d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ieinstal.pdb

Imports

advapi32

RegDeleteValueW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegCreateKeyW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyW
RegQueryValueExA
RegCreateKeyA
GetTokenInformation
OpenThreadToken
GetLengthSid
GetKernelObjectSecurity
InitializeSecurityDescriptor
IsValidSid
ConvertStringSidToSidW
CopySid
CreateWellKnownSid
SetEntriesInAclW
EqualSid
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegOverridePredefKey
RegOpenCurrentUser
RegGetValueW

kernel32

CloseHandle
CreateThread
SetFileAttributesA
GetProcAddress
DeleteCriticalSection
CreateProcessW
FreeLibrary
lstrcmpiA
lstrcmpiW
LoadLibraryExW
GetModuleFileNameA
FindFirstFileA
SetLastError
GetFullPathNameW
CreateDirectoryExA
GetModuleHandleExW
GetFinalPathNameByHandleW
FindNextFileA
FindClose
LocalAlloc
lstrcmpA
MultiByteToWideChar
FormatMessageW
GetTempPath2A
GetFileAttributesA
CreateFileA
GetCurrentThread
LocalFree
RemoveDirectoryA
CopyFileW
WideCharToMultiByte
DebugBreak
CreateEventW
K32GetModuleBaseNameW
SetEvent
HeapSetInformation
InitializeCriticalSection
HeapFree
SetProcessShutdownParameters
WaitForSingleObject
GetLastError
IsDebuggerPresent
CreateMutexExW
CreateFileW
GetFileAttributesW
DuplicateHandle
OpenProcess
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
DeleteFileA
VirtualQuery
SetThreadContext
FlushInstructionCache
GetThreadContext
ResumeThread
SuspendThread
VirtualAlloc
VirtualFree
VirtualProtect
RaiseException
RaiseFailFastException
GetTickCount
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentProcess
EnterCriticalSection
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
DeleteFileW
HeapAlloc
GetProcessHeap
LeaveCriticalSection

user32

PostQuitMessage
CharNextW
LoadStringW

msvcrt

memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
_wcsnicmp
wcstok_s
_wtoi
iswascii
iscntrl
memcpy_s
iswalpha
wcsncmp
wcschr
_vsnprintf
iswcntrl
wcsrchr
_vsnwprintf
__C_specific_handler
_XcptFilter

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

ole32

CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CLSIDFromString
CoInitializeSecurity
StringFromGUID2
CoGetCallContext
CoRevertToSelf
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoImpersonateClient

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLibForUser
RegisterTypeLi
UnRegisterTypeLi
RegisterTypeLibForUser
SysAllocString

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

urlmon

CompatFlagsFromClsid
Extract
CoInternetCreateSecurityManager
ord107
CoInternetSetFeatureEnabled
ord519

wintrust

CryptCATAdminAddCatalog
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext

authz

AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzAccessCheck

iertutil

ord650
ord658
ord35
ord172
ord34
ord134
ord39
ord57
ord201
ord200

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/ielowutil.exe
.exe windows:10 windows x64 arch:x64

0be37c11ff99ef666098b6a9d1421cd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ielowutil.pdb

Imports

kernel32

CreateThread
HeapSetInformation
CreateEventW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetCurrentProcess
GetProcessHeap
HeapAlloc
ResetEvent
CloseHandle
GetProcAddress
RaiseException
RaiseFailFastException
MapViewOfFile
GetLastError
IsWow64Process
OpenEventW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
UnmapViewOfFile
WaitForSingleObject
SetLastError
HeapFree
SetEvent
OpenFileMappingW
Sleep

user32

DispatchMessageW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW

msvcrt

__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_XcptFilter
_fmode
_commode
?terminate@@YAXXZ
_amsg_exit
_wtoi
memset
wcstok_s
_wcmdln
_wcsnicmp
_vsnwprintf

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx

wininet

InternetSetCookieExW
InternetGetCookieExW

iertutil

ord466

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/iexplore.exe
.exe windows:10 windows x64 arch:x64

02738e38346837af1fb5d756fd4fa9ba

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:de:d4:23:96:85:8a:87:c3:8f:5f:09:30:88:b8:cd:ef:7a:5c:ee:4d:4f:47:c3:e6:3e:cb:f5:a5:2f:2e:ef
Signer

Actual PE Digest

c8:de:d4:23:96:85:8a:87:c3:8f:5f:09:30:88:b8:cd:ef:7a:5c:ee:4d:4f:47:c3:e6:3e:cb:f5:a5:2f:2e:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

iexplore.pdb

Imports

user32

GetWindowThreadProcessId
AllowSetForegroundWindow
FindWindowExW
SendMessageTimeoutW
IsWindowVisible
SetUserObjectInformationW
IsWindowEnabled

msvcrt

memcpy_s
iswspace
_vsnwprintf
__C_specific_handler
wcsncmp
free
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memset

kernel32

HeapSetInformation
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
HeapAlloc
GetLastError
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateMutexExW
GetProcAddress
OutputDebugStringW
UnhandledExceptionFilter
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
ReleaseMutex
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
IsDebuggerPresent
SetDllDirectoryW
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
TerminateProcess
InitializeCriticalSection
SetErrorMode
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
LocalFree

api-ms-win-downlevel-advapi32-l1-1-0

EventWriteTransfer
EventWriteEx
RegGetValueW
EventUnregister
EventRegister

api-ms-win-downlevel-shell32-l1-1-0

SetCurrentProcessExplicitAppUserModelID

advapi32

EventSetInformation

iertutil

ord650
ord791
ord797
ord798
ord701
ord796
ord793
ord594
ord398
ord597

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW

api-ms-win-downlevel-ole32-l1-1-0

CoCreateGuid

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Internet Explorer/images/bing.ico

Sharing

General

Malware Config

Signatures

Files

ceb6ae489e2fbafcbf5dcf1e40c176c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

shlwapi

user32

shell32

iertutil

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 88B

ee0ceaa330c81bdeacd78e489962bcf8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-0

ntdll

iertutil

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 4KB - Virtual size: 376B

.mrdata Size: 36KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 4KB - Virtual size: 8KB

92778fcf898ae2a7ad2db80bb9e09c45

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 88B

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 4KB - Virtual size: 376B

.mrdata
Size: 36KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 504B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 44B

.text
Size: 88KB - Virtual size: 84KB

.nep
Size: 4KB - Virtual size: 96B

.rdata
Size: 336KB - Virtual size: 334KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 456B

.rsrc
Size: 84KB - Virtual size: 80KB

.reloc
Size: 4KB - Virtual size: 68B

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 2KB