Werner[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Werner.exe
Size

654KB
MD5

ace6843868a0bb86e5c9ac0bcd8f4a41
SHA1

c7dd4b0fc5405964fa95f2dd775162b294f54bdc
SHA256

90213592d6d156eb852e31e9a70312d075c2f06ffff19326ee031eaa074ef10e
SHA512

bac2b39f5a30c300fcc7f234db398c8796f2e9ca679275051c9dc878c4de378ed630a0e1c13ed576cee2963dd791a9a4984cda1831553dd3c7c93d3b3db6f4ba
SSDEEP

12288:8I0d2zcW+g8IkuveyqrjAWsydTNNqd4mt6xNINlX3izZZ4NpXyO:Tcl2LeDjwM/1fzZC7Xy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Werner.exe

Files

Werner.exe
.exe windows x86

Password: w

fe26ace6b9e71422715722511bbaac2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
DispatchMessageA
GetWindowRect
SetWindowPos
DefWindowProcA
GetMonitorInfoA
MonitorFromWindow
SetWindowLongA
GetAsyncKeyState
GetWindowLongA
GetForegroundWindow
GetSystemMetrics
SetRect
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
TranslateMessage
GetWindowThreadProcessId
AttachThreadInput
ShowWindow
SetForegroundWindow
SetFocus
FindWindowA

msvcr100

??3@YAXPAX@Z
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__FrameUnwindFilter
_amsg_exit
_cexit
??0exception@std@@QAE@ABV01@@Z
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??_V@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
exit
memmove
memset
_vsnprintf
__CxxQueryExceptionSize
??1exception@std@@UAE@XZ
strstr
?__ExceptionPtrCopy@@YAXPAXPBX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ

kernel32

GetTickCount
WaitForSingleObject
VirtualFreeEx
Sleep
LoadLibraryA
GetProcAddress
GetProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
CreateThread
SetConsoleTextAttribute
GetStdHandle
OpenProcess
Beep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateRemoteThread

msvcp100

?_Incref@facet@locale@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXMatrixScaling
D3DXMatrixRotationZ
D3DXCreateFontA
D3DXCreateSprite
D3DXMatrixMultiply
D3DXCreateTextureFromFileInMemory
D3DXMatrixTranslation

mscoree

_CorExeMain

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: w

fe26ace6b9e71422715722511bbaac2d

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcr100

kernel32

msvcp100

dwmapi

d3d9

d3dx9_43

mscoree

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 594KB - Virtual size: 593KB

.data Size: 32KB - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 594KB - Virtual size: 593KB

.data
Size: 32KB - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB