Explorer++[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Explorer++.exe
Size

4.1MB
MD5

ff86a1f032443000c38daac61175c4e2
SHA1

d85b55d19958d0e1a4f7c26fb0cdf5d22476ffb0
SHA256

24073b37c1217a9faabc09f8a59c9eedf05872ab1209c9d1300c465a91773313
SHA512

6b448b878a1c8b2e25a44b3ce3304a9999677b2365f213f6cc5e55c1277f6e18a8761dc57f8dab1fbc36a2753dd9840ab7c1b36a7e14cc28d460646eaf2d3faf
SSDEEP

49152:w4ZpqYQjJ9XbIbu0gD6XPUAO8BLuZikxiGa+v64Nab0krJQ52IFsYsPMHalbt8:94P+LumGa+v6UaJJIFst

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Explorer++.exe

Files

Explorer++.exe
.exe windows:6 windows x64 arch:x64

08d2a8b7e77429e26fe2870469b81944

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\explorerplusplus\Explorer++\Explorer++\x64\Release\Explorer++.pdb

Imports

shell32

SHCreateShellItemArrayFromIDLists
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateItemFromParsingName
SHGetFolderPathW
SHGetPathFromIDListW
ord19
SHBindToParent
ord152
SHGetIDListFromObject
SHBrowseForFolderW
ord4
ord23
SHGetDesktopFolder
ord727
SHGetKnownFolderIDList
SHCreateItemFromIDList
ord25
ord16
ord17
ord18
ord2
SHGetFolderLocation
DragQueryFileW
SHParseDisplayName
SHGetFileInfoW
ord71
SHFreeNameMappings

gdiplus

GdipGetPropertyItem
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPointI
GdipCloneBrush
GdipDeleteBrush
GdipGetImagePixelFormat
GdipGetImageHorizontalResolution
GdipCreateBitmapFromStream
GdipGetImageVerticalResolution
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipBitmapSetResolution
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetPropertyItemSize
GdipScaleWorldTransform
GdipCreatePathGradientFromPath
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipDrawImageI

shlwapi

PathRemoveBackslashW
StrCmpW
PathCanonicalizeW
StrRetToBufW
PathIsDirectoryW
PathIsUNCW
PathIsSameRootW
PathStripToRootW
PathRemoveBlanksW
ord219
PathRenameExtensionW
PathCombineW
StrCmpLogicalW
PathFindExtensionW
StrChrW
PathAppendW
PathIsRelativeW
PathIsURLW
SHAutoComplete
PathStripPathW
PathRemoveExtensionW
SHDeleteKeyW
PathIsRootW
StrCmpIW
PathRemoveFileSpecW

mpr

WNetGetUniversalNameW

uxtheme

GetBufferedPaintBits
EndBufferedPaint
SetWindowTheme
BeginBufferedPaint

winmm

PlaySoundW

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

propsys

VariantCompare

dwmapi

DwmSetIconicLivePreviewBitmap
DwmSetWindowAttribute
DwmSetIconicThumbnail
DwmInvalidateIconicBitmaps

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
CreatePipe
WriteConsoleW
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
SetEnvironmentVariableW
GetFileType
ExitProcess
CreateProcessW
GetCommandLineW
GetCommandLineA
RtlUnwind
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
SetStdHandle
IsValidLocale
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
HeapSize
GetExitCodeProcess
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetModuleHandleW
GetLastError
SetLastError
FreeLibrary
CloseHandle
OutputDebugStringW
GetCurrentThreadId
FormatMessageW
IsDebuggerPresent
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
HeapFree
GetProcessHeap
HeapAlloc
DeactivateActCtx
LoadLibraryW
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcessId
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
LocalAlloc
lstrcmpiW
lstrlenW
GetFileAttributesW
CreateMutexW
AttachConsole
FreeConsole
GetStdHandle
GetFileAttributesExW
GetComputerNameW
MultiByteToWideChar
GlobalMemoryStatusEx
CreateThread
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDriveStringsW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
CompareStringW
MulDiv
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
OpenProcess
K32GetModuleFileNameExW
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
CreateEventA
WideCharToMultiByte
FormatMessageA
GetSystemTimeAsFileTime
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetThreadPriority
CreateFileW
GetFileSizeEx
ReadFile
WriteFile
GetLocaleInfoW
SetFileAttributesW
SetFileTime
GetModuleFileNameA
DebugBreak
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDriveTypeW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetLocalTime
GetCurrentProcess
SetUnhandledExceptionFilter
GlobalFree
CompareFileTime
GetCurrentThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetCurrencyFormatW
FoldStringW
EnumSystemLocalesA
IsDBCSLeadByteEx
IsValidCodePage
GetLocaleInfoA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
GetLogicalProcessorInformation
OpenEventA
ResetEvent
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
DecodePointer
EncodePointer
GetExitCodeThread
SwitchToThread
Sleep
TryEnterCriticalSection
RaiseException
RtlPcToFileHeader
MoveFileExW
DeviceIoControl
AreFileApisANSI
FindFirstFileExW
CreateDirectoryW
GetStringTypeW
LoadLibraryExA
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
CancelIo
ReadDirectoryChangesW
ExitThread
SleepEx
SetErrorMode
QueueUserAPC
CreateEventW
LockResource
LoadResource
SizeofResource
FindResourceW
GlobalSize
GetDiskFreeSpaceW
FlushFileBuffers
SetFilePointer
SetEndOfFile
SetFilePointerEx
CreateHardLinkW
LocalFileTimeToFileTime
LCMapStringW
GetUserDefaultLangID
GetFileInformationByHandle
GetTimeFormatW
GetDateFormatW

user32

GetUpdateRect
EndMenu
InflateRect
RedrawWindow
DrawIconEx
DialogBoxParamW
CreateDialogParamW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetKeyState
CheckMenuItem
EnableMenuItem
SystemParametersInfoW
OpenClipboard
CloseClipboard
GetClipboardData
SetClipboardData
DrawTextW
IsDialogMessageW
GetMessageW
SetRect
UnregisterDeviceNotification
UpdateWindow
RegisterDeviceNotificationW
SetWindowPlacement
EmptyClipboard
LoadAcceleratorsW
GetSystemMetrics
PrintWindow
IsWindowVisible
IsIconic
UnregisterClassW
RegisterClassExW
ChangeWindowMessageFilter
RegisterWindowMessageW
GetIconInfo
GetWindowPlacement
GetCursorPos
DestroyWindow
ChangeClipboardChain
MoveWindow
PostMessageW
IntersectRect
KillTimer
PostQuitMessage
CreateMenu
MapWindowPoints
GetComboBoxInfo
ReleaseDC
GetDC
GetKeyNameTextW
MapVirtualKeyW
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenu
SetMenu
DeleteMenu
SetTimer
SetClipboardViewer
ReleaseCapture
SetCapture
SetCursor
EndPaint
GetWindowTextW
BeginPaint
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
RegisterClassW
GetSysColorBrush
LoadCursorW
IsClipboardFormatAvailable
FindWindowExW
WindowFromPoint
GetMessagePos
GetFocus
GetDlgItemInt
SetWindowPos
GetWindowRect
SetDlgItemInt
LoadStringW
SetClassLongPtrW
LoadIconW
ShowWindow
SetForegroundWindow
FindWindowW
FillRect
GetClientRect
InvalidateRect
DestroyMenu
GetMenuBarInfo
CreatePopupMenu
ScreenToClient
IsDlgButtonChecked
GetDlgItemTextW
GetWindowTextLengthW
SetFocus
CheckDlgButton
GetDlgItem
EnableWindow
SetWindowTextW
InsertMenuItemW
MessageBoxW
TrackPopupMenu
ClientToScreen
LoadMenuW
GetSubMenu
RegisterClipboardFormatW
DestroyAcceleratorTable
CreateAcceleratorTableW
CopyAcceleratorTableW
DestroyIcon
EndDialog
GetParent
SetDlgItemTextW
SendDlgItemMessageW
SendMessageW
LoadImageW
GetWindowLongW
PtInRect
CheckMenuRadioItem

gdi32

SetTextColor
DeleteDC
SetBkMode
GetStockObject
CreateFontW
GetObjectW
CreateFontIndirectW
SelectObject
DeleteObject
GetTextExtentPoint32W
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleDC
SetStretchBltMode
SetBrushOrgEx
StretchBlt
BitBlt
TextOutW
CreateSolidBrush
CreateCompatibleBitmap
CreateDIBSection
GetDeviceCaps
GetDIBits

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter

advapi32

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
OpenProcessToken
GetSecurityInfo
LookupAccountSidW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
RegEnumKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
DoDragDrop
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
CLSIDFromString
PropVariantClear
CoCreateGuid
StringFromGUID2
OleDuplicateData
OleGetClipboard
StgCreateStorageEx
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear
SafeArrayGetElement
VariantChangeType
VariantTimeToSystemTime
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound

iphlpapi

GetAdaptersAddresses

userenv

ExpandEnvironmentStringsForUserW

comctl32

ord410
ord412
ImageList_GetIcon
ImageList_ReplaceIcon
ord413

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comdlg32

GetSaveFileNameW

Exports

Exports

?$TSS0@?1??create@?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@CAAEAUPolymorphicCasters@34@XZ@4HA
??4?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@QEAAAEAV012@AEBV012@@Z
?create@?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@CAAEAUPolymorphicCasters@23@XZ
?getInstance@?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@SAAEAUPolymorphicCasters@23@XZ
?instance@?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@0AEAUPolymorphicCasters@23@EA
?t@?1??create@?$StaticObject@UPolymorphicCasters@detail@cereal@@@detail@cereal@@CAAEAUPolymorphicCasters@34@XZ@4U534@A

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d2a8b7e77429e26fe2870469b81944

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

gdiplus

shlwapi

mpr

uxtheme

winmm

urlmon

wininet

propsys

dwmapi

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

iphlpapi

userenv

comctl32

version

comdlg32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 649KB - Virtual size: 649KB

.data Size: 131KB - Virtual size: 178KB

.pdata Size: 127KB - Virtual size: 127KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 358KB - Virtual size: 358KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 649KB - Virtual size: 649KB

.data
Size: 131KB - Virtual size: 178KB

.pdata
Size: 127KB - Virtual size: 127KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 358KB - Virtual size: 358KB

.reloc
Size: 21KB - Virtual size: 20KB