explorer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

explorer.exe
Size

5.3MB
MD5

e2d1f700066d39814081317462a0fd74
SHA1

12ee7ed3ba979aca336e42a523612e0cdfa3ab3a
SHA256

359179ffb630953ee79523866a0a2246a5612d726c2eace52f7413f15530715e
SHA512

1185c38e6216ef846af8e00bae22964a70a4efa95ffb996d782f5cd6d8ab96c921f320ab2845dac3aecc4ccabdebd660dff84e274364b13e06ce2cfa81715768
SSDEEP

49152:BLYiHv5/ACIycn1Gk51JM0gcHfHPnAdISuXXpKbhSEqteY9+D6eY4KcQo5krTwtl:BE8FFXECK1zakbw8a0shIno

Score

1^/10

Malware Config

Signatures

Files

explorer.exe
.exe windows:10 windows x64 arch:x64

f832a3210ce364d59c55c2105020ae3d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:78:60:42:68:c7:13:ef:63:6c:4d:e2:b1:56:db:4c:36:00:b3:f2:35:92:4f:d3:48:f9:ab:54:d2:d7:77:92
Signer

Actual PE Digest

51:78:60:42:68:c7:13:ef:63:6c:4d:e2:b1:56:db:4c:36:00:b3:f2:35:92:4f:d3:48:f9:ab:54:d2:d7:77:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

explorer.pdb

Imports

msvcp_win

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
?_Xinvalid_argument@std@@YAXPEBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flags@ios_base@std@@QEBAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?width@ios_base@std@@QEAA_J_J@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
_Cnd_do_broadcast_at_thread_exit
?_Incref@facet@locale@std@@UEAAXXZ
_Mtx_lock
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_set_error_mode
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscspn
memset
strncmp
wcscmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-private-l1-1-0

_o_free
_o_iswspace
_o_lround
_o_lroundf
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__ltow_s
_o_ceilf
_o_ceil
__C_specific_handler_noexcept
_o__localtime64
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
_o_fmod
_o_exit
_o__itow_s
_o__itoa_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o_abort
_o__mktime64
_o_floorf
_o_floor
_o__wtoi
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException

aepic

PicFreeFileInfo
PicRetrieveFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

OpenJobObjectW
AssignProcessToJobObject
CreateJobObjectW
QueryInformationJobObject
SetInformationJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

PathIsURLW
HashData
UrlUnescapeW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata
WerUnregisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
CreateActCtxW
DeactivateActCtx
ReleaseActCtx

ntdll

NtDeviceIoControlFile
NtQueryWnfStateData
NtSetInformationProcess
NtQueryInformationProcess
RtlCaptureContext
WinSqmAddToStream
NtClose
RtlGetVersion
ZwQuerySystemInformation
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlReAllocateHeap
ZwEnumerateValueKey
ZwCreateFile
NtQueryInformationFile
RtlAppendUnicodeToString
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
RtlInitString
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
strchr
memmove_s
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
wcschr
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
wcsspn
WinSqmIsOptedIn
memcpy
memcmp
memmove
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlNtStatusToDosErrorNoTeb
NtSetThreadExecutionState
NtPowerInformation
VerSetConditionMask
RtlQueryResourcePolicy
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
RtlGetNtSystemRoot
NtOpenFile

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
SizeofResource
FreeLibrary
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
LoadStringW
GetModuleHandleA
FindStringOrdinal
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockShared
EnterCriticalSection
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
OpenMutexW
OpenEventW
WaitForSingleObject
ReleaseMutex
SetEvent
TryEnterCriticalSection
CreateEventW
CreateEventExW
WaitForSingleObjectEx
InitializeSRWLock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
TryAcquireSRWLockShared
CreateSemaphoreExW
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
CreateMutexW
ResetEvent
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
RaiseException

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
DeleteFileW
CompareFileTime
CreateFileW
WriteFile

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWrite

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
TrySubmitThreadpoolCallback
CloseThreadpoolWait
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
SetThreadPriorityBoost
GetCurrentProcessId
ProcessIdToSessionId
QueueUserAPC
TlsSetValue
TlsAlloc
TerminateProcess
GetThreadPriority
TlsGetValue
CreateProcessW
OpenThreadToken
TlsFree
CreateThread
SetPriorityClass
GetExitCodeProcess
SetThreadPriority
GetProcessId
OpenThread
UpdateProcThreadAttribute
ResumeThread
GetPriorityClass
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
SetProcessShutdownParameters
ExitProcess
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA
GetCalendarInfoW
GetThreadUILanguage
GetLocaleInfoEx
GetLocaleInfoW
GetGeoInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SafeArrayDestroy
VarUI4FromStr
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayCreate
VariantInit
VariantClear
SysStringLen
SysAllocStringByteLen
SafeArrayAccessData

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

StringFromIID
CoCreateGuid
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoFreeUnusedLibraries
CoRegisterClassObject
CoUninitialize
CoInitializeSecurity
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
IIDFromString
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
PropVariantClear
CoGetApartmentType
StringFromGUID2
CoGetCallContext
CoGetObjectContext
CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetMalloc
CoGetStdMarshalEx
CoSetProxyBlanket
CoCreateInstance

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntW
StrChrW
StrCmpNIW
StrCmpW
StrCmpIW
StrChrIW
StrCmpNICW
QISearch
StrCmpICW
StrCmpICA

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteKeyExW
RegCloseKey
RegDeleteTreeW
RegSetValueExW
RegOpenCurrentUser
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegGetValueW
RegLoadMUIStringW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_Set
IUnknown_QueryService
IUnknown_SetSite
IUnknown_GetSite

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetSystemTime
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SearchPathW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveBlanksW
PathGetArgsW
PathIsFileSpecW
PathFindFileNameW
PathCommonPrefixW
PathFindExtensionW
PathRemoveFileSpecW
PathParseIconLocationW
SHExpandEnvironmentStringsW
PathQuoteSpacesW
PathCombineW
PathGetDriveNumberW
PathFileExistsW

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHGetValueW
SHEnumKeyExW
SHDeleteValueW
SHRegGetValueW
SHDeleteKeyW
SHQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHSetThreadRef
SHGetThreadRef
SHCreateThread
SetProcessReference

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-security-base-l1-1-0

SetKernelObjectSecurity
EqualSid
AllocateAndInitializeSid
FreeSid
CreateWellKnownSid
GetTokenInformation
CopySid
GetSecurityDescriptorDacl
IsValidSid
InitializeAcl
GetAclInformation
GetAce
MakeAbsoluteSD
GetLengthSid
DeleteAce
AddAce
CheckTokenMembership
DuplicateToken

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleBaseNameW
QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoActivateInstance
RoInitialize

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathCchAppend
PathAllocCombine
PathCchAddExtension
PathCchSkipRoot

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualProtect
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
VirtualAlloc
VirtualFree

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateMemStream
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
IStream_Read
IStream_Write
IStream_Reset

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl
CancelIoEx

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
ReadDirectoryChangesW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

GetPwrCapabilities
CallNtPowerInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord509
ord635
ord544
AssocQueryStringW
SHCreateWorkerWindowW
ord197
SHIsChildOrSelf
SHPinDllOfCLSID
ord279
ShellMessageBoxW
ord165
ord292
IUnknown_GetWindow
StrRetToStrW
StrRetToBufW
ord478
ord479
ord481
PathRemoveArgsW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW
EnumDisplayMonitors
GetMonitorInfoW
QueryDisplayConfig
SystemParametersInfoW
GetDisplayConfigBufferSizes
GetSystemMetrics

api-ms-win-ntuser-rectangle-l1-1-0

IsRectEmpty
InflateRect
CopyRect
SubtractRect
SetRect
OffsetRect
IntersectRect
EqualRect
PtInRect
SetRectEmpty
UnionRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
SetWinEventHook
UnhookWinEvent

api-ms-win-shell-namespace-l1-1-0

ILRemoveLastID
ILClone
SHParseDisplayName
SHBindToFolderIDListParent
ILGetSize
ILCloneFirst
ILCombine
SHCreateItemFromIDList
SHGetNameFromIDList
SHCreateItemFromParsingName
SHGetIDListFromObject
ILFree
ILIsParent
ILFindLastID
SHBindToParent
SHBindToObject
ILIsEqual

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerInfo
GetCurrentInputMessageSource
EnableMouseInPointer
GetPointerType
GetPointerDevices

api-ms-win-storage-exports-internal-l1-1-0

SetThreadFlags
GetThreadFlags
SHGetKnownFolderIDList
SHGetFolderPathEx

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand
CreateWindowInBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotification_Unlock
SHChangeNotifyRegister
SHHandleUpdateImage
SHChangeNotification_Lock
SHChangeNotifyRegisterThread
SHChangeNotifyDeregister

propsys

InitVariantFromGUIDAsString
InitVariantFromResource
PSCreateMemoryPropertyStore
PropVariantToBoolean
PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PropVariantToStringAlloc
PSGetPropertyFromPropertyStorage

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
ParseApplicationUserModelId

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

gdi32

StretchBlt
ExcludeClipRect
SetStretchBltMode
Rectangle
GetCurrentObject
GetDeviceCaps
GetStockObject
SetRectRgn
OffsetRgn
CombineRgn
SelectClipRgn
DeleteObject
GetObjectW
DeleteDC
CreateCompatibleDC
SelectObject
GetClipBox
CreateFontIndirectW
CreateRectRgn
GetClipRgn
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextExtentPoint32W
CreateRectRgnIndirect
GetGlyphOutlineW
GetOutlineTextMetricsW

kernel32

GetModuleHandleExA
IsBadWritePtr
RtlCompareMemory
HeapDestroy
HeapReAlloc
HeapSize

wininet

InternetCrackUrlW

shcore

ord121
ord174
ord109
ord191
ord126
ord213
ord183
ord210
ord141
ord192
ord1
SHUnicodeToAnsi
ord187
ord123
ord190
ord162
ord142
ord200
ord184
ord186

shell32

ord172
ord743
ord907
ord43
ord680
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord906
ord181
ord895
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ShellExecuteW
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord885
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord733
ord95
ord850
ord22
ord134
ord723

shlwapi

ord467
ord164
PathIsDirectoryW
ord413
ord548
ord163
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

OpenThemeData
GetThemeBool
GetThemeBackgroundExtent
IsThemePartDefined
GetThemeMargins
ord138
BufferedPaintSetAlpha
ord126
GetThemePartSize
OpenThemeDataForDpi
IsThemeActive
GetBufferedPaintBits
GetThemeInt
GetThemeColor
GetThemeMetric
SetWindowTheme
GetWindowTheme
BufferedPaintUnInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintInit
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
ord86
GetThemeFont
DrawThemeTextEx
IsCompositionActive
IsAppThemed

dwmapi

ord113
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
ord141
ord159
ord138
DwmRegisterThumbnail
ord139
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmIsCompositionEnabled
DwmUnregisterThumbnail
ord140
ord114
DwmSetWindowAttribute

user32

CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
GetDoubleClickTime
SetMenuDefaultItem
TrackPopupMenuEx
DeleteMenu
FillRect
DrawTextW
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
MonitorFromWindow
SetMenuItemInfoW
SetCursor
RemoveMenu
ReleaseCapture
LoadCursorW
ord2005
GetSystemMetricsForDpi
DrawIconEx
DestroyIcon
CopyImage
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
GetCapture
SendInput
SetDesktopColorTransform
UnregisterClassA
ord2611
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
IsIconic
DestroyMenu
LoadMenuW
GetSubMenu
CreateIconIndirect
SetCapture
GetMenuDefaultItem
CreatePopupMenu
GetMenuItemInfoW
MonitorFromPoint
ReplyMessage
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
SetLayeredWindowAttributes
GetIconInfoExW
GetIconInfo
GetClassWord
GetClassLongW
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
SwitchToThisWindow
ReleaseDC
InsertMenuW
BringWindowToTop
ord2573
GhostWindowFromHungWindow
EndTask
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetLastActivePopup
GetWindowCompositionAttribute
GetWindowProcessHandle
GetClassLongPtrW
UpdateLayeredWindow
ord2521
UnregisterHotKey
GetDC
UnregisterClassW
ord2522
WindowFromDC
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
RegisterHotKey
GetMenuItemCount
DefWindowProcA
SendDlgItemMessageW
EndDialog
ExitWindowsEx
TrackMouseEvent
AdjustWindowRectEx
GetKeyState

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
VerifyVersionInfoW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-job-l1-1-0

IsProcessInJob

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

GetErrorInfo
SetErrorInfo

Exports

Exports

g_trayTriageBlock

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 696KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f832a3210ce364d59c55c2105020ae3d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

51:78:60:42:68:c7:13:ef:63:6c:4d:e2:b1:56:db:4c:36:00:b3:f2:35:92:4f:d3:48:f9:ab:54:d2:d7:77:92Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-registry-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

51:78:60:42:68:c7:13:ef:63:6c:4d:e2:b1:56:db:4c:36:00:b3:f2:35:92:4f:d3:48:f9:ab:54:d2:d7:77:92
Signer