| Field | Value |
|---|---|
| File Name | shieldfile.exe |
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1 | 05b873d23710afe4f9ef895a2dc8364ed1347930 |
| MD5 | bc44ae10bdc3f7c67a0d4d7c3dbd3e69 |
| First Seen Date | 2016-11-02 18:05:07.799563 |
| Number of Clients Seen | 2 |
| Last Analysis Date | 2016-11-02 18:05:07.799563 |
| Human Expert Analysis Date | 2016-11-03 14:00:08.699796 |
| Human Expert Analysis Result | Malware |
| Property | Value |
|---|---|
| number of sections | 5 |
| compilation time stamp | 0x54504041 [Wed Oct 29 01:17:53 2014 UTC] |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| InternalName | SpeechUXWiz.exe |
| FileVersion | 6.3.9600.17415 (winblue_r4.141028-1500) |
| CompanyName | Microsoft Corporation |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 6.3.9600.17415 |
| FileDescription | Speech UX Configuration |
| OriginalFilename | SpeechUXWiz.exe |
| Translation | 0x0409 0x04b0 |
| entry point | 0x425740 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 473600 |
| sha256 | 08ec8468483525ebc4898ae477d742a9947dfcb1a1d92c89b79f7d0db2d9ed73 |
| mime type | application/x-dosexec |

Note: the version resource presents the file as Microsoft's SpeechUXWiz.exe (Speech UX Configuration, 6.3.9600.17415), while the sample was submitted under the on-disk name shieldfile.exe. Version strings are unsigned metadata that malware copies from legitimate binaries, so they should be checked against an Authenticode signature and against the hash of the genuine Windows file rather than trusted on their own.
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x2b540 | 0x2b600 | 6.332133 | - |
| .data | 0x2d000 | 0x1e44 | 0xe00 | 3.386044 | - |
| .idata | 0x2f000 | 0x3dd6 | 0x3e00 | 5.853758 | - |
| .rsrc | 0x33000 | 0x3fdf0 | 0x3fe00 | 7.200771 [SUSPICIOUS] | - |
| .reloc | 0x73000 | 0x3444 | 0x3600 | 6.662544 | - |

Note: .rsrc is the largest section (0x3fe00 raw bytes of a 473,600-byte file) and the only one whose entropy exceeds 7 bits per byte, which is what the [SUSPICIOUS] marker reports. High entropy in a resource section is consistent with an embedded packed or encrypted payload, but compressed image resources also score high, so the flagged section should be extracted and inspected rather than treated as a verdict by itself.
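The entropy column above is the only computed check in the section table, so here is the calculation behind it as an added example; this is not the sandbox's own code. It walks the DOS header, COFF file header and section table with the standard library only, computes Shannon entropy per section, decodes TimeDateStamp the way the properties table renders it, and flags sections above a 7.0 bits/byte cutoff. That cutoff is an assumption consistent with the report (7.20 flagged, 6.66 not), not a documented value, and the sample PE it parses is constructed in the block, not this file.

```python
"""Section-entropy and header check for a PE image (added example, stdlib only)."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

ENTROPY_THRESHOLD = 7.0  # assumption: consistent with the report's flags, not documented


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Parse the COFF header and section table of a PE image held in memory.

    Layout walked: e_lfanew at 0x3C -> b'PE\\0\\0' -> IMAGE_FILE_HEADER (20 bytes)
    -> optional header (SizeOfOptionalHeader bytes, skipped) -> NumberOfSections
    entries of 40-byte IMAGE_SECTION_HEADER.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", pe, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, sec_off + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        if len(raw) != rawsize:
            raise ValueError(f"section {i} raw data runs past end of file")
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "entropy": shannon_entropy(raw),
        })
    # Rendered like the report's 'compilation time stamp' row (UTC).
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {"machine": machine, "timestamp": stamp,
            "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
            "sections": sections}


def flag_sections(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Names of sections whose raw-data entropy exceeds threshold."""
    return [s["name"] for s in parse_pe(pe)["sections"] if s["entropy"] > threshold]


def build_test_pe(section_blobs) -> bytes:
    """Construct a minimal PE-shaped byte string for exercising the parser.

    Constructed input: headers plus raw section data, no optional header, so it
    parses but is not a loadable executable.
    """
    n = len(section_blobs)
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine 0x14C (i386), TimeDateStamp copied from the report, no optional header.
    file_hdr = struct.pack("<HHIIIHH", 0x14C, n, 0x54504041, 0, 0, 0, 0x102)
    data_off = e_lfanew + 4 + 20 + 40 * n
    headers, raw, vaddr = b"", b"", 0x1000
    for name, blob in section_blobs:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                               len(blob), vaddr, len(blob), data_off + len(raw),
                               0, 0, 0, 0, 0x40000040)
        raw += blob
        vaddr += max(0x1000, (len(blob) + 0xFFF) & ~0xFFF)
    return dos + b"PE\0\0" + file_hdr + headers + raw


# Constructed sample: a constant-byte code section, a data section drawn from a
# 64-symbol alphabet, and a resource section using every byte value equally.
SAMPLE_PE = build_test_pe([
    (b".text", b"\x90" * 1024),
    (b".data", bytes(range(64)) * 64),
    (b".rsrc", bytes(range(256)) * 16),
])

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print("compiled:", info["compiled_utc"])
    for s in info["sections"]:
        mark = " [SUSPICIOUS]" if s["entropy"] > ENTROPY_THRESHOLD else ""
        print(f"{s['name']:<8} raw=0x{s['rawsize']:x} entropy={s['entropy']:.6f}{mark}")
```

Run against a real file with `parse_pe(open(path, "rb").read())`; the truncation check raises on samples whose section table points past the end of the file, which is itself worth noting for a submitted sample.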
Imports by DLL:

ADVAPI32.dll
- GetTraceLoggerHandle
- GetTraceEnableLevel
- GetTraceEnableFlags
- RegisterTraceGuidsW
- UnregisterTraceGuids
- RegCreateKeyExW
- RegCloseKey
- OpenProcessToken
- GetTokenInformation
- RegOpenKeyExW
- ConvertSidToStringSidW
- RegQueryValueExW
- RegSetValueExW
- RegDeleteValueW
- TraceMessage
- EventRegister
- EventUnregister
- ConvertStringSecurityDescriptorToSecurityDescriptorW
- EventWrite
USER32.dll
- GetWindowThreadProcessId
- MsgWaitForMultipleObjectsEx
- PeekMessageW
- TranslateMessage
- DispatchMessageW
- RegisterWindowMessageW
- ChangeWindowMessageFilterEx
- EnumWindows
- IsDialogMessageW
- SendInput
- IsWindowVisible
- SetCursor
- LoadCursorW
- SendMessageW
- GetFocus
- SetFocus
- CharLowerBuffW
- SetTimer
- KillTimer
- SendNotifyMessageW
- GetSystemMetrics
- GetDC
- ReleaseDC
- GetGUIThreadInfo
- GetWindow
- CharUpperW
- UnregisterClassA
- LoadStringW
- GetActiveWindow
- PostMessageW
- FindWindowW
- SystemParametersInfoW
- MessageBeep
- SetForegroundWindow
- GetForegroundWindow
- IsWindow
- GetDesktopWindow
- CharUpperBuffW
msvcrt.dll
- floor
- _ftol2_sse
- _ftol2
- _CIlog10
- _wtoi64
- wcsspn
- wcscspn
- memcpy_s
- memmove_s
- _vsnwprintf
- wcschr
- _vscwprintf
- vswprintf_s
- _wcsdup
- _purecall
- tolower
- ??0exception@@QAE@ABQBD@Z
- _ultow_s
- _beginthreadex
- _wcslwr_s
- calloc
- iswspace
- iswdigit
- iswpunct
- wcsrchr
- _wcsicmp
- swscanf_s
- memset
- __CxxFrameHandler3
- _errno
- realloc
- wcspbrk
- iswalpha
- _wcsicoll
- wcsstr
- _except_handler4_common
- _controlfp
- ??1type_info@@UAE@XZ
- _onexit
- __dllonexit
- _unlock
- _lock
- ?terminate@@YAXXZ
- _wcmdln
- _initterm
- __setusermatherr
- __p__fmode
- _cexit
- _exit
- exit
- __set_app_type
- __wgetmainargs
- _amsg_exit
- __p__commode
- _XcptFilter
- _CxxThrowException
- _callnewh
- ?what@exception@@UBEPBDXZ
- ??1exception@@UAE@XZ
- ??0exception@@QAE@ABV0@@Z
- ??0exception@@QAE@XZ
- malloc
- free
- iswlower
- iswupper
- memmove
- memcpy
GDI32.dll
- GetDeviceCaps
SHELL32.dll
- SHGetFolderPathW
- ShellExecuteW
- ShellExecuteExW
ole32.dll
- CoCreateInstance
- StringFromCLSID
- PropVariantClear
- CLSIDFromString
- CreateStreamOnHGlobal
- CoTaskMemFree
- CoUninitialize
- CoInitializeEx
- CoTaskMemAlloc
OLEAUT32.dll
- SysStringByteLen
- SysAllocStringLen
- SysAllocString
- SysAllocStringByteLen
- VarBstrCmp
- VariantInit
- SysStringLen
- SysFreeString
- VariantClear
ntdll.dll
- WinSqmAddToStream
- ShipAssert
- VerSetConditionMask
- WinSqmIsOptedIn
- WinSqmSetDWORD
- WinSqmIncrementDWORD
- ShipAssertMsgW
gdiplus.dll
- GdipGetImageWidth
- GdipGetImageHeight
- GdipCloneImage
- GdipCreateBitmapFromStream
- GdipCreateBitmapFromScan0
- GdipAlloc
- GdipDisposeImage
- GdipDrawImageRectI
- GdipDeleteGraphics
- GdipGetImageGraphicsContext
- GdipCreateHBITMAPFromBitmap
- GdiplusShutdown
- GdipGetImagePixelFormat
- GdiplusStartup
- GdipFree
COMCTL32.dll
- (unnamed import, resolved by ordinal)
- (unnamed import, resolved by ordinal)
- (unnamed import, resolved by ordinal)
- PropertySheetW
KERNEL32.dll
- Sleep
- GetStartupInfoW
- SetUnhandledExceptionFilter
- GetModuleHandleA
- QueryPerformanceCounter
- GetCurrentProcessId
- GetCurrentThreadId
- GetSystemTimeAsFileTime
- GetTickCount
- UnhandledExceptionFilter
- GetCurrentProcess
- TerminateProcess
- SizeofResource
- LockResource
- LoadResource
- FindResourceExW
- GetLastError
- CreateMutexW
- SetLastError
- OpenMutexW
- LocalFree
- CloseHandle
- GetModuleFileNameW
- CreateActCtxW
- ActivateActCtx
- DeactivateActCtx
- ReleaseActCtx
- ReleaseMutex
- GetLocaleInfoW
- WaitForSingleObject
- CreateFileW
- ReadFile
- VerifyVersionInfoW
- GetSystemDirectoryW
- LoadLibraryW
- GetProcAddress
- FreeLibrary
- CreateEventW
- GetExitCodeThread
- SetEvent
- GetSystemTime
- SystemTimeToFileTime
- GetProcessHeap
- HeapFree
- HeapAlloc
- RaiseException
- CompareStringW
- DeleteCriticalSection
- EnterCriticalSection
- LeaveCriticalSection
- GetVersionExW
- GetNativeSystemInfo
- CompareFileTime
- DeleteFileW
- WriteFile
- FlushFileBuffers
- SetFileAttributesW
- RemoveDirectoryW
- CopyFileW
- GetTempPathW
- GetTempFileNameW
- CreateDirectoryW
- OutputDebugStringA
- LCIDToLocaleName
- GetUserDefaultUILanguage
- GetUserDefaultLangID
- K32GetProcessMemoryInfo
- GetLocalTime
- FileTimeToSystemTime
- LocalAlloc
- FormatMessageW
- LoadLibraryExW
- OpenProcess
- SetThreadExecutionState
- QueryFullProcessImageNameW
- ExpandEnvironmentStringsW
- GlobalUnlock
- GlobalFree
- FindResourceW
- GlobalAlloc
- GlobalLock
- FreeResource
- HeapSize
- HeapReAlloc
- HeapDestroy
- GetThreadLocale
- InitializeCriticalSection
- ResetEvent
- SetWaitableTimer
- CreateWaitableTimerW
wer.dll
- WerReportAddFile
- WerReportSetParameter
- WerReportSubmit
- WerReportCreate
SHLWAPI.dll
- PathRemoveFileSpecW
- PathAppendW
Resource types:
- RT_ICON
- RT_GROUP_ICON
- RT_VERSION
- RT_MANIFEST