XWCWheJ[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XWCWheJ.exe
Size

6.9MB
MD5

c2e0cde7eebc536238de272803bee604
SHA1

4d08382465925437e2836164d471d1164247e800
SHA256

01ae71169019a9d0e1e40ebd24488f3e10bd74ccfa13a0c7dd2178450d8ab663
SHA512

ce828baafc72da036af813cb19323aba9d6300f9b1aa9964dec2495ad24232d7bce1828d0c56061b939426456651ae6a99c143e83ca20d2e9670dcc92c15bd0f
SSDEEP

196608:1SHhBV1T21rxzZQs8uIKrKCVlAe7YyrSlXboY:MBFMrJZQs8u5tye7Y9XboY

Score

N/A

Malware Config

Signatures

Files

XWCWheJ.exe
.exe windows x86

a1780ccc00e2502d418a134b5923887e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
GetCurrentThreadId
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetProcessHeap
IsProcessorFeaturePresent
HeapAlloc
GetCPInfo
RtlUnwind
RaiseException
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
GetStringTypeW
MultiByteToWideChar
DeleteCriticalSection
DecodePointer
EncodePointer
GetStdHandle
ReadFile
SetFilePointerEx
FlushFileBuffers
WriteFile
GetModuleFileNameW
LoadLibraryExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
LCMapStringW
GetOverlappedResult
GetConsoleCP
GetProcessTimes
HeapFree
GetThreadTimes
GetModuleHandleA
GetOEMCP
GetFileType
EnterCriticalSection
SetStdHandle
GetLastError
SetCurrentDirectoryA
GetEnvironmentVariableA
GetTimeZoneInformation
WriteConsoleW
GetTimeFormatW
LeaveCriticalSection
GetConsoleMode
TlsSetValue
SetCommState
ReadConsoleW
SetEndOfFile
GetCurrentThread
GetModuleHandleW
WaitForSingleObject
GlobalLock
SetHandleInformation
GetCurrentProcess
GetCommState
GetDateFormatW
CreateThread
DeleteFileA
SetLastError
CreateFileW
WideCharToMultiByte
GetTickCount
TlsFree
GetCurrentProcessId
CloseHandle
FindNextFileA
LocalAlloc
GetLocalTime
FindClose
HeapSize
IsDBCSLeadByteEx
GetStartupInfoW
GetSystemDirectoryA
WaitNamedPipeA
GetLocaleInfoA
GlobalMemoryStatus
CreateFileA
GetModuleFileNameA
GetCommandLineA
GetSystemTime
LocalFree
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileMappingA
GetACP
MulDiv
Beep
SetCommBreak
GetEnvironmentStringsW
MapViewOfFile
HeapReAlloc
UnhandledExceptionFilter
GetCommandLineW

user32

LoadIconA
GetCapture
DrawFocusRect
CreatePopupMenu
ClientToScreen
DestroyWindow
DestroyAcceleratorTable
SetWindowRgn
SetTimer
GetWindowRect
PostQuitMessage
SendDlgItemMessageA
IsZoomed
DeleteMenu
CreateDialogIndirectParamA
GetWindowTextA
UnionRect
CreateWindowExA
SetScrollPos
SetClassLongA
DrawStateW
DestroyCaret
ShowWindow
SystemParametersInfoA
ScrollWindowEx
DrawTextW
UpdateWindow
EnableWindow
GetDlgItemTextA
DialogBoxParamA
GetMessageTime
SetCursor
MsgWaitForMultipleObjects
SendMessageA
ShowCaret
GetDC
InflateRect
SetRect
EnableScrollBar
AppendMenuA
RemoveMenu
RegisterClassW
SetWindowTextA
GetCaretBlinkTime
EndPaint
ScreenToClient
TrackPopupMenu
CreateMenu
GetWindowTextLengthA
SetScrollRange
LoadAcceleratorsW
ShowCursor
BeginDeferWindowPos
GetKeyboardState
OffsetRect
SetPropA
GetKeyboardLayout
CheckMenuRadioItem
GetScrollInfo
GetWindowLongA
EndDialog
RedrawWindow
DestroyCursor
CheckDlgButton
PostMessageA
UnhookWindowsHookEx
GetSystemMetrics
AdjustWindowRect
ToUnicode
SetScrollInfo
CopyRect
IsRectEmpty
GetDoubleClickTime
DispatchMessageA
ShowOwnedPopups
GetSystemMenu
IsIconic
RemovePropA
SetFocus
WaitMessage
WinHelpA
GetQueueStatus
BringWindowToTop
EnableMenuItem
GetDlgItem
ScrollWindow
IsDlgButtonChecked
DrawMenuBar
CreateCaret
CheckRadioButton
DeferWindowPos
SetCaretPos
InsertMenuA
LoadCursorA
DestroyIcon
SetDlgItemTextA
TranslateMDISysAccel
MoveWindow
UnregisterClassA

gdi32

CreateFontIndirectA
CreatePalette
CreateBitmap
DeleteObject
CombineRgn
RectInRegion
GetCharWidthA
SetPolyFillMode
GetCurrentPositionEx
GetTextExtentExPointA
GetCharWidth32A
SetROP2
RoundRect
SetTextAlign
EqualRgn
RealizePalette
SaveDC
OffsetRgn
Rectangle
PtInRegion
SetPixel
StretchBlt
CreateFontA
ExtFloodFill
Pie
PatBlt
TranslateCharsetInfo
GetBitmapBits
GetBrushOrgEx
GetCharWidthW
Polyline
GetCharABCWidthsW
GetDIBColorTable
GetBkColor
StretchDIBits
CreateHalftonePalette
Polygon
GetBkMode
CreateHatchBrush
GetTextExtentPoint32A
SetWinMetaFileBits
GetStockObject
EndDoc
SetStretchBltMode
ExtCreateRegion
CreateCompatibleBitmap
CreateCompatibleDC
SelectClipRgn
CreateDCA
GetDeviceCaps
CreatePolygonRgn
GetPixel
GetTextExtentPointW
GetCharWidth32W
UnrealizeObject
GetWinMetaFileBits
SetDIBColorTable
MoveToEx
SetWindowExtEx
PolyPolygon
GetSystemPaletteEntries
TextOutA
ExtTextOutA
GetTextMetricsA
CreatePatternBrush
GetTextExtentPointA
CreateDIBitmap
CreateBitmapIndirect
GetNearestPaletteIndex

advapi32

RegSetValueExA
GetUserNameA
AllocateAndInitializeSid
RegDeleteValueA
RegQueryValueExA
GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyA

shell32

CommandLineToArgvW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.8MB - Virtual size: 55.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1780ccc00e2502d418a134b5923887e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 5.8MB - Virtual size: 55.1MB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 5.8MB - Virtual size: 55.1MB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 21KB - Virtual size: 21KB