idk[.]zip | Triage

Resubmissions

05/10/2024, 19:57

241005-ypltma1cml 4

05/10/2024, 19:56

241005-ynr91swbnh 3

Sharing

Copy URL Twitter E-mail

General

Target

idk.zip
Size

950KB
MD5

ab62083e3d14d1f9584dfd3eb80cc510
SHA1

dc56016086ebc0a6dd32ed7ccbacc1de7bd4ef3a
SHA256

8380c978b9c01ccacae18bb0b72e339614d10ce6253dd41f809af751ecdfd3ac
SHA512

0b2a4ea2e9edfb3a502135d10f5e03abb1aac0b6c2bca562e76c79ec0f9a916e1d7542abb943996fb1413e06f71451a447542668e63a33af969a5963bb12d082
SSDEEP

24576:/alG6SyB+4ghJLHu7DGkp+rmz+Geo+fbSGWY6WY274AsEK2IT:/alGP4ghJLO7DGkWmLl+2Gbxi92IT

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ie11/ExtExport.exe
unpack001/ie11/IEShims.dll
unpack001/ie11/en-US/hmmapi.dll.mui
unpack001/ie11/en-US/ieinstal.exe.mui
unpack001/ie11/en-US/iexplore.exe.mui
unpack001/ie11/hmmapi.dll
unpack001/ie11/ieinstal.exe
unpack001/ie11/ielowutil.exe

Files

idk.zip
.zip
ie11/ExtExport.exe
.exe windows:10 windows x86 arch:x86

c566df711bf0b031ecedbbd5673f7e4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

extexport.pdb

Imports

advapi32

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
RegDeleteValueW
RegOpenKeyExW
RegCloseKey

kernel32

WriteFile
CreateFileW
CloseHandle
lstrcmpW
ExpandEnvironmentStringsW
FreeLibrary
IsDebuggerPresent
DebugBreak
GetProcessHeap
LocalFree
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetProcAddress
ReleaseMutex
LocalAlloc
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
DecodePointer
GetModuleFileNameW
CreateDirectoryW
MoveFileW
DeleteFileW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetLastError
LoadLibraryExW
FormatMessageW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

msvcrt

_vsnwprintf
memset
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
wcsncmp
wcschr
iswalpha
wcspbrk
memcpy_s
_wcsicmp
_itow_s
malloc
_callnewh
free
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm

ole32

CoTaskMemFree
IIDFromString
CoTaskMemRealloc

shlwapi

ord215
StrCmpNIW
PathFindFileNameW
ord158
StrStrIW
StrStrW
PathFileExistsW
StrCmpNW

user32

LoadStringW

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName

iertutil

ord672
ord675

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie11/IEShims.dll
.dll windows:10 windows x86 arch:x86

c1ef8f648c60d79681dabb7185b9aaf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

wcsrchr
_vscwprintf
_vsnwprintf
_vsnprintf_s
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_wcslwr
wcspbrk
wcschr
_wcsicmp
wcsncmp
fputws
_wfopen
fclose
_stricmp
calloc
_XcptFilter
_amsg_exit
wcsstr
memmove_s
towlower
iswctype
wcsspn
memcpy_s
realloc
free
wcstok_s
iswspace
_wcsnicmp
malloc
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memmove
__CxxFrameHandler3
memset

kernel32

LeaveCriticalSection
DelayLoadFailureHook
ResolveDelayLoadedAPI
RaiseException
QueryFullProcessImageNameW
GetLogicalDriveStringsW
QueryDosDeviceW
IsWow64Process
GetTickCount64
OpenProcess
CreateMutexW
InitializeCriticalSection
InitializeSRWLock
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
OutputDebugStringA
GetModuleHandleA
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
FindClose
FindNextFileW
FindFirstFileW
TlsFree
VirtualProtect
RaiseFailFastException
GetFileSizeEx
CreateFileW
DecodePointer
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetCurrentProcessId
GetProcessId
GetLastError
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
CreateMutexExW
CreateSemaphoreExW
TerminateProcess
LoadLibraryA
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsAlloc
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpCW
StrCmpICA
PathGetArgsW
StrCmpICW
PathFindFileNameW
StrCmpIW
StrCmpNICW
StrCmpNIA
PathSkipRootW
StrDupW
PathIsUNCW
StrCmpNCW

api-ms-win-downlevel-advapi32-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord45
ord170
ord137
ord58
ord134
ord50
ord791
ord820
ord101
ord916
ord793

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_AdminCheckAndLaunch
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie11/SIGNUP/install.ins
ie11/en-US/hmmapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ie11/en-US/ieinstal.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ie11/en-US/iexplore.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ie11/hmmapi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

830127705155748df0c8417ebb0bc879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

hmmapi.pdb

Imports

msvcrt

_vsnprintf
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
LoadStringA
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-1-0

SetFileAttributesA
CreateFileA
GetFileSize
GetFileTime

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

FormatMessageA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegDeleteKeyA

kernel32

GetShortPathNameA
CompareStringA
lstrlenA
MoveFileA
LocalFree
lstrcmpA
GetTempPathA

shell32

ShellExecuteA

shlwapi

SHGetValueA
PathRemoveBackslashA
PathIsPrefixA
StrChrA

urlmon

CreateUriFromMultiByteString

user32

MessageBoxA

wininet

GetUrlCacheConfigInfoA

Exports

Exports

AddService
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
DllRegisterServer
DllUnregisterServer
MAPIAddress
MAPIDeleteMail
MAPIDetails
MAPIFindNext
MAPIFreeBuffer
MAPILogoff
MAPILogon
MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments
MAPISendMail
MailToProtocolHandler
OpenInboxHandler
RemoveService

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie11/ie9props.propdesc
ie11/ieinstal.exe
.exe windows:10 windows x86 arch:x86

4290d072accdc911246ad27fde5bc240

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ieinstal.pdb

Imports

advapi32

RegDeleteValueW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegCreateKeyW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyW
RegQueryValueExA
RegCreateKeyA
GetTokenInformation
OpenThreadToken
GetLengthSid
GetKernelObjectSecurity
InitializeSecurityDescriptor
IsValidSid
ConvertStringSidToSidW
CopySid
CreateWellKnownSid
SetEntriesInAclW
EqualSid
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegGetValueW
RegOpenCurrentUser
RegOverridePredefKey

kernel32

CloseHandle
CreateThread
SetFileAttributesA
GetProcAddress
DeleteCriticalSection
CreateProcessW
FreeLibrary
lstrcmpiA
lstrcmpiW
LoadLibraryExW
GetModuleFileNameA
FindFirstFileA
SetLastError
GetFullPathNameW
CreateDirectoryExA
GetModuleHandleExW
GetFinalPathNameByHandleW
FindNextFileA
FindClose
LocalAlloc
lstrcmpA
MultiByteToWideChar
FormatMessageW
GetTempPath2A
GetFileAttributesA
CreateFileA
GetCurrentThread
LeaveCriticalSection
RemoveDirectoryA
CopyFileW
WideCharToMultiByte
DebugBreak
CreateEventW
DeleteFileA
SetEvent
HeapSetInformation
SuspendThread
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessDEPPolicy
RaiseException
RaiseFailFastException
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
ResumeThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetCurrentProcess
EnterCriticalSection
GetModuleHandleW
GetProcessHeap
HeapAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
DeleteFileW
GetExitCodeThread
OpenProcess
DuplicateHandle
GetFileAttributesW
CreateFileW
K32GetModuleBaseNameW
IsDebuggerPresent
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
InitializeCriticalSection
GetLastError
WaitForSingleObject
DeactivateActCtx
ActivateActCtx
SetProcessShutdownParameters
HeapFree
LocalFree

user32

CharNextW
LoadStringW
PostQuitMessage

msvcrt

_lock
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
memset
_amsg_exit
__p__commode
_XcptFilter
_wcsnicmp
wcstok_s
_wtoi
iswascii
iscntrl
wcschr
memcpy_s
iswalpha
wcsncmp
_vsnprintf
iswcntrl
wcsrchr
_vsnwprintf
__dllonexit
?terminate@@YAXXZ
_controlfp
_unlock
memcpy
_onexit
__wgetmainargs

ole32

CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoImpersonateClient
CoRevertToSelf
CoGetCallContext
StringFromGUID2
CoInitializeSecurity
CLSIDFromString
CoInitializeEx

oleaut32

UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
SysStringLen
SysAllocString
SysFreeString

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

urlmon

CompatFlagsFromClsid
Extract
CoInternetCreateSecurityManager
ord519
ord107
CoInternetSetFeatureEnabled

wintrust

CryptCATAdminReleaseContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

authz

AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzAccessCheck

iertutil

ord172
ord34
ord134
ord39
ord57
ord201
ord200
ord35
ord650
ord658

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie11/ielowutil.exe
.exe windows:10 windows x86 arch:x86

b1273c7c9cebbf26f823e0ea4f0e7827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ielowutil.pdb

Imports

kernel32

CreateThread
HeapSetInformation
CreateEventW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetCurrentProcess
GetProcessHeap
HeapAlloc
ResetEvent
CloseHandle
GetProcAddress
RaiseException
RaiseFailFastException
MapViewOfFile
GetLastError
OpenFileMappingW
SetProcessDEPPolicy
IsWow64Process
OpenEventW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
UnmapViewOfFile
WaitForSingleObject
SetLastError
HeapFree
SetEvent

user32

MsgWaitForMultipleObjects
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW

msvcrt

memset
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsnicmp
wcstok_s
_vsnwprintf
_wtoi

ole32

CLSIDFromString
CoInitializeSecurity
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoInitializeEx

wininet

InternetSetCookieExW
InternetGetCookieExW

iertutil

ord650
ord466

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ie11/iexplore.exe
.exe windows:10 windows x86 arch:x86

739bfbdc12ce8c778629672a4c525464

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:81:15:81:f3:56:03:c7:22:e9:07:8b:f0:4a:8f:e4:6f:14:0f:36:d6:57:31:82:0a:33:30:dd:ee:e0:6d:1c
Signer

Actual PE Digest

5b:81:15:81:f3:56:03:c7:22:e9:07:8b:f0:4a:8f:e4:6f:14:0f:36:d6:57:31:82:0a:33:30:dd:ee:e0:6d:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iexplore.pdb

Imports

user32

GetWindowThreadProcessId
AllowSetForegroundWindow
FindWindowExW
SendMessageTimeoutW
IsWindowVisible
SetUserObjectInformationW
WaitForInputIdle
IsWindowEnabled

msvcrt

_vsnwprintf
iswspace
?terminate@@YAXXZ
_onexit
__dllonexit
memset
_unlock
_lock
_except_handler4_common
_wcmdln
wcsncmp
free
malloc
_callnewh
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
iswalpha
wcspbrk
wcschr
__p__fmode
__setusermatherr
_controlfp
memcpy_s
_initterm

kernel32

LocalFree
CreateMutexExW
GetProcAddress
GetProcessHeap
CreateProcessW
GetModuleHandleW
DebugBreak
SetDllDirectoryW
DelayLoadFailureHook
DeleteCriticalSection
SetProcessDEPPolicy
ExpandEnvironmentStringsW
IsWow64Process
ResolveDelayLoadedAPI
GetCurrentProcessId
GetTickCount
HeapAlloc
HeapSetInformation
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
TerminateProcess
InitializeCriticalSection
SetErrorMode
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
GetNativeSystemInfo
IsDebuggerPresent

api-ms-win-downlevel-advapi32-l1-1-0

EventWriteTransfer
EventRegister
RegGetValueW
EventUnregister
EventWriteEx

advapi32

EventSetInformation

iertutil

ord791
ord797
ord798
ord701
ord796
ord650
ord597
ord398
ord793
ord594

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW

api-ms-win-downlevel-ole32-l1-1-0

CoCreateGuid

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c566df711bf0b031ecedbbd5673f7e4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

shlwapi

user32

shell32

iertutil

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

c1ef8f648c60d79681dabb7185b9aaf5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-0

ntdll

iertutil

Exports

Exports

Sections

.text Size: 293KB - Virtual size: 293KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 188B

.mrdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 4KB - Virtual size: 8KB

830127705155748df0c8417ebb0bc879

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 293KB - Virtual size: 293KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 188B

.mrdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 960B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 1024B - Virtual size: 736B

.text
Size: 57KB - Virtual size: 56KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 203KB - Virtual size: 203KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 203KB - Virtual size: 203KB

.reloc
Size: 1024B - Virtual size: 672B

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate