Static task
static1
General
Target: winghci.exe
Size: 255KB
MD5: 93fd1ffee12bc48648838833f4958ce8
SHA1: f8ec6a78dbf3697974bb90bc2cc6e705eaac3b97
SHA256: c83f4b311da51e41d28644d0ab28204ce876e4c9e91d436c90220b642b5c88d9
SHA512: 8933f51f8d013288388dd22b0ffbe5ce4a9e6b56122dd050d9811671c469afd1c66a86e80d32ba663db320e8c5f5f5ed9b9a367b849af13accd7b1396e702ee7
SSDEEP: 3072:IoQOJuZ06yYz2BgXyGSYz8Z5BIquX7fIjV8r+Vrfr6z:5f6yYz22XfS1INTAV8Oj+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource winghci.exe
Files
winghci.exe.exe windows x86
ff500a60df71041176f7bb7fabe645f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Draw
shlwapi
PathRelativePathToW
kernel32
GlobalLock
InitializeCriticalSection
LeaveCriticalSection
Beep
GlobalUnlock
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
PeekNamedPipe
CreateProcessW
SetHandleInformation
WaitForSingleObject
WriteFile
LoadLibraryW
GetExitCodeProcess
ReadFile
FlushFileBuffers
CreateEventW
WaitForMultipleObjects
CreatePipe
DeleteCriticalSection
CloseHandle
CreateThread
GetLocaleInfoW
HeapSize
LCMapStringA
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
SetHandleCount
LocalFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetProcAddress
GetModuleHandleW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
InterlockedDecrement
InterlockedIncrement
GetShortPathNameW
SetCurrentDirectoryW
LocalAlloc
GetCurrentDirectoryW
GetLastError
GetModuleFileNameW
lstrlenW
FormatMessageW
GetEnvironmentStringsW
ExitProcess
SetEvent
SignalObjectAndWait
GetFileType
HeapAlloc
HeapFree
user32
TrackPopupMenu
LoadCursorW
GetClientRect
SetFocus
RegisterClassExW
LoadIconW
EnableMenuItem
LoadStringW
DefWindowProcW
TranslateAcceleratorW
GetMessageW
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
CreateWindowExW
CloseClipboard
GetKeyState
IsClipboardFormatAvailable
MessageBeep
GetClipboardData
OpenClipboard
IsIconic
IsZoomed
ShowWindow
MoveWindow
PostQuitMessage
GetWindowRect
GetParent
SetWindowPos
GetMenuItemID
GetSubMenu
ModifyMenuW
GetMenu
GetDlgItemInt
GetDC
SetDlgItemInt
InvalidateRect
GetWindowTextW
ReleaseDC
SendDlgItemMessageW
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
UpdateWindow
EndPaint
DialogBoxParamW
BeginPaint
GetWindowLongW
SetWindowLongW
EndDialog
LoadBitmapW
SetWindowTextW
wsprintfW
GetDlgItem
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
AppendMenuW
CreatePopupMenu
gdi32
SetBkMode
EnumFontFamiliesExW
CreateSolidBrush
DeleteObject
GetObjectW
SetBkColor
comdlg32
ChooseColorW
GetOpenFileNameW
advapi32
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
shell32
DragQueryFileW
DragFinish
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ