WmiPrvSE[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

WmiPrvSE.exe
Size

408KB
MD5

64aca4f48771a5ba50cd50f2410632ad
SHA1

f43bb99194f75a0fc535700d688e45750c4ff14d
SHA256

960056479dc34a7de757813e9eb6ecc72c58ee5d5ba36151baa86201bae82f9f
SHA512

2997f2b640816ead0441b7c9b27b7cccfb329d3647daf6a77e34881f6fe6babea97a701aeaea5fba252c1ecfeb76011a96a1a1dc07e969c2b3d1619ffa83596e
SSDEEP

12288:vJT6x/4ScXEnFvznaqwIJyBdqa2gzhlE88IoJw:Ex2GFvTaqwIJyBdqaDzhlOI

Score

1^/10

Malware Config

Signatures

Files

WmiPrvSE.exe
.exe windows x86

0ca53e98401212233f08b3c410dcda01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_acmdln
_initterm
??1type_info@@UAE@XZ
_ismbblead
__p__fmode
_lock
_cexit
_exit
_unlock
exit
__dllonexit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
??8type_info@@QBEHABV0@@Z
_onexit
_except_handler4_common
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_controlfp
memcmp
?terminate@@YAXXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memmove
__CxxFrameHandler3
memcpy
_CxxThrowException
_purecall
_itow
wcstok
_vsnwprintf
__setusermatherr
memset

ntdll

RtlNtStatusToDosError
RtlAddAccessAllowedAce
NtQuerySystemInformation
RtlCreateAcl
RtlLengthSid
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
DeleteCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetLengthSid
GetAclInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
CopySid
InitializeAcl
GetTokenInformation
MapGenericMask
AccessCheck
MakeAbsoluteSD
AddAce
GetSecurityDescriptorLength
MakeSelfRelativeSD
RevertToSelf
SetSecurityDescriptorDacl

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetStartupInfoW
OpenThreadToken
SwitchToThread
TlsFree
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
CreateThread
TlsAlloc
GetCurrentThread
TerminateProcess
GetCurrentProcessId

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeExW

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

fastprox

?Release@CWbemCallSecurity@@UAGKXZ
?QueryInterface@CWbemCallSecurity@@UAGJABU_GUID@@PAPAX@Z
?GetThreadSecurity@CWbemCallSecurity@@UAGJW4tag_WMI_THREAD_SECURITY_ORIGIN@@PAPAU_IWmiThreadSecHandle@@@Z
?AddRef@CWbemCallSecurity@@UAGKXZ
?New@CWbemCallSecurity@@SGPAV1@XZ
?SetThreadSecurity@CWbemCallSecurity@@UAGJPAU_IWmiThreadSecHandle@@@Z

ncobjapi

WmiEventSourceDisconnect
WmiDestroyObject
WmiSetAndCommitObject
WmiEventSourceConnect
WmiCreateObjectWithFormat

wbemcomn

BreakOnDbgAndRenterLoop
GetMemLogObject
?Write@CMemoryLog@@QAEXJ@Z
_ThrowMemoryException_
?Init@CPublishWMIOperationEvent@@SGJXZ
?PublishProviderStarted@CPublishWMIOperationEvent@@SGJPAGJ0K0@Z
?GetPreferredLanguages@CMUILocale@@SGJKPAPAGPAK@Z
?_Free@CMUILocale@@SGHPAX@Z
?SetPreferredLanguages@CMUILocale@@SGJKPBGPAK@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ca53e98401212233f08b3c410dcda01

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

fastprox

ncobjapi

wbemcomn

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 310KB - Virtual size: 310KB

.data Size: 5KB - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 232B

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 310KB - Virtual size: 310KB

.data
Size: 5KB - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 232B

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 22KB - Virtual size: 21KB