wd230Session[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wd230Session.exe
Size

714KB
MD5

a65a9dc3b094542f24447d0488e0204a
SHA1

daaf7e7e677c309d378d899581b7543b9fb073fd
SHA256

a9b55aac967c10b9b343135ac22985aac577002d93aa83d8a917b9f465792d2a
SHA512

755c264b04c1d1a034041d58460838104ba2b26406523ed3bb12223376dc750936e563db222e2d51c7be7317d9357152f56f11b32e8e820e66cb21264f08592b
SSDEEP

12288:BvlpjpdoUp4vFXMEsElRqfDJVZfVhnT3sahdO2wf0RMbj4kVVT01DYtw8M6XJ10M:tTj75+GEsElR2DfFyWuj4EVTS8M6XJ1r

Score

1^/10

Malware Config

Signatures

Files

wd230Session.exe
.exe windows x86

470b3f7dc629497753c084c1543deef5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:af:d0:5c:75:6b:6f:db:d9:23:13:c0:fb:5b:a7:37:3b:03:49:38
Signer

Actual PE Digest

56:af:d0:5c:75:6b:6f:db:d9:23:13:c0:fb:5b:a7:37:3b:03:49:38

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedExchangeAdd
GetEnvironmentVariableW
InterlockedIncrement
SetEvent
GetCurrentProcessId
WideCharToMultiByte
GetLastError
SetEnvironmentVariableW
HeapCompact
GetProcessHeap
GetCurrentProcess
Sleep
LoadLibraryW
VirtualQuery
GetProcAddress
GetCurrentThreadId
GetTickCount
MultiByteToWideChar
HeapFree
HeapAlloc
HeapReAlloc
InterlockedExchange
DeleteCriticalSection
ProcessIdToSessionId
GetEnvironmentVariableA
CloseHandle
OpenProcess
CreateProcessW
SetLastError
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
SetCurrentDirectoryW
WaitForSingleObject
GetProcessId
GetCommandLineW
SetEnvironmentVariableA
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsDebuggerPresent
CreateEventW
OpenEventW
ReleaseMutex
GetComputerNameExW
GetPrivateProfileStringW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemTime
InterlockedCompareExchange
InterlockedCompareExchange64
TerminateProcess
LCMapStringW
GetExitCodeProcess
DebugActiveProcess
FreeLibrary
SetThreadPriority
GetCurrentThread
FormatMessageW
LocalFree
HeapCreate
HeapDestroy
FindResourceW
LoadResource
LockResource
GetLocalTime
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
FindClose
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
FileTimeToLocalFileTime
IsBadReadPtr
GetModuleFileNameW
GetModuleFileNameA
GetVersionExW
GetSystemInfo
GetOverlappedResult
DisconnectNamedPipe
PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CompareStringW
GetTimeZoneInformation
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
OpenMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetStringTypeW
GetDateFormatW
GetTimeFormatW
GetConsoleCP
GetConsoleMode
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
WriteConsoleW
HeapSize
DecodePointer
ReadConsoleW

Exports

Exports

CommandeComposante
Execution
_PCS001
bInitWLConvFromVM

Sections

.text
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

470b3f7dc629497753c084c1543deef5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

56:af:d0:5c:75:6b:6f:db:d9:23:13:c0:fb:5b:a7:37:3b:03:49:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 502KB - Virtual size: 501KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 248B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 29KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

56:af:d0:5c:75:6b:6f:db:d9:23:13:c0:fb:5b:a7:37:3b:03:49:38
Signer

.text
Size: 502KB - Virtual size: 501KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 248B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 29KB - Virtual size: 29KB