webst[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

webst.exe
Size

80KB
MD5

8b79632f552424d5939b402b0388c5a2
SHA1

166cc320cf59cc4101d24d11126375276e98d7a5
SHA256

ddfeeb69d9230eb26a56d67b86e98f1ce3a2934a384e1fb33c1a340d5420466b
SHA512

f7062e8bf52125b78eeb734664e2700b5660ce25c3b2781e8e1d3022945333652e68fac26814c8dbdddae43b1238c87d06b5a03cd9aab4035138774ef173cafe
SSDEEP

768:kFPsPYek7GTIv3L03MC1yMghgGm/XPRp7wSNbGTZSponkiB9gGbq0DB+2g6St/zK:kyTInlg9/X5p7wSNbcMpkbn1hSt/u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
webst.exe

Files

webst.exe
.exe windows x86

025c2297a1390d72d9a5595665027b94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetLastError
CopyFileA
WaitForSingleObject
GetModuleHandleA
CompareStringW
CompareStringA
GetSystemInfo
GetSystemDefaultUILanguage
GetModuleFileNameA
GetTempPathA
MoveFileA
MoveFileExA
CloseHandle
CreateThread
GetCurrentProcessId
lstrcpyA
GetCurrentProcess
ExitThread
Sleep
GetTickCount
LoadLibraryA
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
SetEnvironmentVariableA
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
TerminateProcess
HeapReAlloc
HeapSize

user32

wsprintfA

advapi32

CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

ws2_32

select
__WSAFDIsSet
recv
WSAIoctl
WSAStartup
WSASocketA
send
setsockopt
htonl
sendto
WSACleanup
inet_addr
gethostbyname
socket
htons
connect
closesocket
WSAGetLastError

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

iphlpapi

GetIfTable

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

025c2297a1390d72d9a5595665027b94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

iphlpapi

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 4KB