xwizard[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xwizard.exe
Size

54KB
MD5

8581f29c5f84b72c053dbcc5372c5db6
SHA1

64f9d0c258b0fd6ca49edb722ef4270815dfb8e9
SHA256

03b63fd1ab52129733f576554de9540d3f5e224405837a3d1adf5c0a68b1d21b
SHA512

774b6bd85e12aa3369a6830d806359d9ce8e9e1ac990144c57d1a9c6ef9d67b8a9640831a44185cfaf6915e82faa29f1ed70354657c592c4234b86aca58417f1
SSDEEP

1536:B//0VR2zUoK4VD2WTVcURDoq4OZZZLlCIib4:R/0VR2fVD2GV9RD68wb

Score

N/A

Malware Config

Signatures

Files

xwizard.exe
.exe windows x86

878b18532266618387dc445e265148dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_cexit
_wcmdln
_exit
exit
__set_app_type
_except_handler4_common
__p__fmode
_errno
realloc
?terminate@@YAXXZ
__wgetmainargs
_lock
_initterm
_unlock
__dllonexit
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
wcsncpy_s
malloc
free
memcpy_s
_onexit
??1type_info@@UAE@XZ
_controlfp
__CxxFrameHandler3
__setusermatherr
memset

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
SizeofResource
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

user32

CreateWindowExW
DefWindowProcW
DestroyWindow
MessageBoxW
RegisterClassW
LoadIconW
LoadCursorW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
CreateActCtxW
ActivateActCtx
ReleaseActCtx

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

878b18532266618387dc445e265148dd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

user32

api-ms-win-core-sidebyside-l1-1-0

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 1KB - Virtual size: 1KB