HwidSpoofer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

HwidSpoofer.exe
Size

2.7MB
MD5

f05c1daa3ca451bc9f877564f8dc7978
SHA1

a4c95ce224d55b748dd82f3306105c483e9f434d
SHA256

ed7574324163913f93a136514e548e60956a7e51d997c8d2b734af126ebb140d
SHA512

93ad056eb8e0eb5bfa4ea384b247478530ef362b3c244a98db94f0d59be9f6ec0fec1b36504aa9a91914f431ae0a82ff703284673d1f27414941a7151fdb61ea
SSDEEP

49152:Tlx2S8Smqi8Ot/2mN5klTambFTSgjv3ubNeJouN/82r70:xx5lO8AETambFTFDzP8P

Score

1^/10

Malware Config

Signatures

Files

HwidSpoofer.exe
.exe windows x86

e14e2d3bcfae0db1014db6a560a2c8a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlCaptureContext
NtCancelIoFileEx

kernel32

CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
LoadLibraryA
WaitForSingleObjectEx
WriteConsoleW
GetFileInformationByHandle
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
CopyFileExW
SleepConditionVariableSRW
SetHandleInformation
WakeConditionVariable
PostQueuedCompletionStatus
CreateThread
AcquireSRWLockShared
WaitForSingleObject
GetConsoleMode
GetStdHandle
FlushFileBuffers
GetTickCount
MapViewOfFile
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
GetFileSize
LockFileEx
TlsFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitOnceComplete
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
UnhandledExceptionFilter
SwitchToThread
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
InitOnceBeginInitialize
GetCurrentThread
GetProcAddress
LocalFree
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
WakeAllConditionVariable
HeapReAlloc
GetSystemInfo
GetLastError
GetModuleHandleA
AcquireSRWLockExclusive
CloseHandle
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
CreateFileMappingW

crypt32

CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateStore
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

ws2_32

ioctlsocket
connect
getsockopt
WSASend
bind
setsockopt
getaddrinfo
freeaddrinfo
closesocket
WSAStartup
WSAIoctl
getsockname
WSAGetLastError
getpeername
WSACleanup
recv
send
shutdown
WSASocketW

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

vcruntime140

memcmp
memcpy
memset
memmove
__CxxFrameHandler3
strrchr
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strlen
strcspn

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_msize
realloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_cexit
_beginthreadex
_initialize_onexit_table
_set_app_type
__p___argv
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_register_onexit_function
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
__p___argc
_crt_atexit
terminate
_endthreadex
exit
_exit
_controlfp_s
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e14e2d3bcfae0db1014db6a560a2c8a5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

bcrypt

ws2_32

secur32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 619KB - Virtual size: 619KB

.data Size: 19KB - Virtual size: 20KB

.reloc Size: 51KB - Virtual size: 51KB

.rsrc Size: 153KB - Virtual size: 153KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 619KB - Virtual size: 619KB

.data
Size: 19KB - Virtual size: 20KB

.reloc
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 153KB - Virtual size: 153KB