WD80PPCPACKAide316g[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WD80PPCPACKAide316g.exe
Size

17.0MB
MD5

346d64826c069abd6b0eaa51a719c9f9
SHA1

c100e8cc953b10c3094a93952aab2b490b5e96ee
SHA256

28f71ef47688c783dd800dfc27a7b237cb49daff9a7c98de1f937699770dc209
SHA512

d317ea40fc9d406344bb1a537cfe947a32ea30d684663e3bb1b0205a75fb5b9c6bae03845514489e7a960e049b1f40627e6488d3172524d14ba456d14d91c36b
SSDEEP

393216:xiGZ2YdWO3q0O910m9oWewMSmrW4+8L8JaFLchA2hGuIQL7ORwlkX326:Dxxaf104oaP34TL8JYLSAqGuIFRRn9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WD80PPCPACKAide316g.exe

Files

WD80PPCPACKAide316g.exe
.exe windows x86

a9a847ebd7ad053d4675a749432f448f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
UnlockFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
ReadFile
SetFileTime
DeleteFileA
CreateDirectoryA
RemoveDirectoryA
FindClose
GetFileTime
FindFirstFileA
SetFileAttributesA
FindNextFileA
GetVersionExA
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
GetProcAddress
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
WriteFile
CloseHandle
GetLastError
OpenProcess
GetModuleFileNameA
CompareStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateProcessA
LockResource
LoadResource
FindResourceA
Sleep
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetErrorMode
CreateFileA
SetLastError
GetModuleHandleA
GetStartupInfoA
InitializeCriticalSection
FormatMessageA
LocalFree
GetFullPathNameA

user32

SendDlgItemMessageA
LoadStringA
LoadIconA
GetSystemMetrics
DefWindowProcA
RegisterClassA
GetSysColor
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExA
DestroyWindow
SendMessageA
CharToOemBuffA
OemToCharBuffA
IsDlgButtonChecked
GetDlgItemTextA
GetParent
SetWindowPos
SetDlgItemTextA
CheckDlgButton
DialogBoxParamA
EndDialog
GetDC
FillRect
DrawTextA
ReleaseDC
SetWindowTextA
GetDlgItem
IsWindow

gdi32

SetTextColor
SetBkMode
SetROP2
GetStockObject
SelectObject
CreateSolidBrush
DeleteObject

comctl32

ord17

shell32

ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleInitialize

advapi32

RegOpenKeyExA
RegQueryValueExA

msvcrt

_controlfp
memchr
_vsnprintf
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
memmove
strcat
_mbsnbcat
_snprintf
strncmp
calloc
_mbsstr
_mbclen
_mbschr
wcslen
vsprintf
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
memset
strcpy
malloc
strlen
free
_ismbcalnum
_makepath
_stati64
_purecall
_exit
_mbsinc
atoi
_mbscmp
_mbsicmp
_mbsnbcpy
_mbsrchr
_mbspbrk
realloc
abs

Exports

Exports

CommandeComposante

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9a847ebd7ad053d4675a749432f448f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shell32

ole32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 9KB - Virtual size: 8KB