WMIPICMP[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WMIPICMP.dll
Size

86KB
MD5

96f5664d91354834f444d33d9f6faa29
SHA1

5ab5e18d321504e792dcf5e91e8d77692e6293d7
SHA256

c5c1464fb80f2394b6652c22ec12d78f74bb851fd923055a15c432f8785871f2
SHA512

349dde4ec5dc6399e31f7211b9223f57d6460ff503f78eb56d922600d8c82262ca340efea8bb0a2f290da048e76de6134bd2e8f03ddad17fdae7caa911146017
SSDEEP

1536:LFd8wSkP4CQjU8MEGRa/FG8SJonFZpJFuCGcN816gX5XA:RdtP4CQ6NIgponXpJkON66gXxA

Score

N/A

Malware Config

Signatures

Files

WMIPICMP.dll
.dll regsvr32 windows x64

f4b5a7c32e87beeaa4d07fcdefe4378b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
memcpy
_unlock
wcschr
__dllonexit
iswspace
_vsnprintf
atol
sscanf_s
?terminate@@YAXXZ
malloc
free
swprintf_s
towupper
__RTtypeid
??8type_info@@QEBAHAEBV0@@Z
towlower
memmove
_onexit
_purecall
mbstowcs
_wcsicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__CxxFrameHandler3
memset

ntdll

RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadStringW

api-ms-win-core-com-l1-1-1

CoRevertToSelf
StringFromGUID2
CoGetCallContext

ws2_32

FreeAddrInfoW
WSAIoctl
closesocket
WSAStartup
WSACleanup
WSAGetLastError
socket
GetAddrInfoW

oleaut32

SysFreeString
VariantCopy
VariantChangeType
SafeArrayDestroy
VariantInit
SysAllocString
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantClear

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-handle-l1-1-0

CloseHandle

iphlpapi

Icmp6CreateFile
Icmp6ParseReplies
IcmpCloseHandle
IcmpCreateFile
Icmp6SendEcho2
IcmpParseReplies
IcmpSendEcho2

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-2-0

HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
HeapCreate

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-1

LCMapStringW

api-ms-win-downlevel-kernel32-l2-1-0

lstrlenA
lstrlenW

provthrd

??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z
??1WmiUnsignedIntegerRangeNode@@UEAA@XZ
??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z
??1WmiSignedIntegerRangeNode@@UEAA@XZ
??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z
??1WmiStringRangeNode@@UEAA@XZ
?Print@WmiUnsignedIntegerRangeNode@@UEAAXXZ
?Copy@WmiUnsignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerNode@@UEAAXXZ
?Copy@WmiSignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
??1WmiNullNode@@UEAA@XZ
??0WmiNullNode@@QEAA@PEAGKPEAVWmiTreeNode@@@Z
??1WmiUnsignedIntegerNode@@UEAA@XZ
?Copy@WmiUnsignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z
??1WmiSignedIntegerNode@@UEAA@XZ
??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z
?Print@WmiUnsignedIntegerNode@@UEAAXXZ
?Copy@WmiSignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerRangeNode@@UEAAXXZ
?Print@WmiStringRangeNode@@UEAAXXZ
?Copy@WmiStringRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiStringNode@@UEAAXXZ
?Copy@WmiStringNode@@UEAAPEAVWmiTreeNode@@XZ
?CopyNode@WmiTreeNode@@UEAAPEAV1@XZ
??1WmiStringNode@@UEAA@XZ
??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z
?Print@WmiNullNode@@UEAAXXZ
?Copy@WmiNullNode@@UEAAPEAVWmiTreeNode@@XZ
?Query@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAGAEAPEAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z
??0QueryPreprocessor@@QEAA@XZ
??1QueryPreprocessor@@UEAA@XZ
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@AEAPEAVWmiTreeNode@@@Z
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@PEAVWmiTreeNode@@KPEAPEAGAEAPEAVPartitionSet@@@Z

wbemcomn

GetQFDN_Ipv6
GetFQDN_Ipv4

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4b5a7c32e87beeaa4d07fcdefe4378b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

ws2_32

oleaut32

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-handle-l1-1-0

iphlpapi

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-downlevel-kernel32-l2-1-0

provthrd

wbemcomn

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 336B