webpost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

webpost.exe
Size

3.2MB
MD5

80f6d5406134b769ae480b2edceecb14
SHA1

d7c148b28e6a71504c037438dbc923d724cc9360
SHA256

d303709ccef28fccba1a2832cbfb0dcf3d895facaa87cd9a7e6cb36d3f083c61
SHA512

d96f162ae9c3177d030e541bf84751b3bc15882e90c89d910b3a0e37905f85351872fd7cc7f966106fe5cfe37fb5ab7eadc4a04963ccb1b1c065c76e6857cd46
SSDEEP

49152:sXM9OzHmFqcgVJ9fZkPIpppz0jC8J+RTJn9Q3Ju3+p2nli/B9yTLI/I6IJ7V1o+7:syOzGEcgVOga5w+DSB1o+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
webpost.exe

Files

webpost.exe
.exe windows x86

eba5c6334692b52fb9bd6cd3ed0d64b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
IsTextUnicode
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueExA

kernel32

AllocConsole
CloseHandle
CompareFileTime
CompareStringA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
DeleteFileA
DuplicateHandle
EnterCriticalSection
EnumDateFormatsA
EnumTimeFormatsA
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeConsole
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProfileIntA
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnfix
GlobalUnlock
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryA
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocalTime
SetStdHandle
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
WriteProfileStringA
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen
_lread
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

ClosePrinter
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
SetPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_LoadImageA
ord17
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create

comdlg32

ChooseColorA
ChooseFontA
CommDlgExtendedError
FindTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
AddFontResourceA
Arc
BeginPath
BitBlt
Chord
CloseEnhMetaFile
CloseMetaFile
CombineRgn
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateFontA
CreateFontIndirectA
CreateHatchBrush
CreateMetaFileA
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EndPath
EnumFontFamiliesA
EnumFontsA
Escape
ExcludeClipRect
ExtFloodFill
ExtTextOutA
ExtTextOutW
FillPath
FillRgn
FloodFill
FrameRgn
GetBkColor
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileA
GetEnhMetaFileHeader
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetPixel
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextMetricsA
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
LineTo
MoveToEx
OffsetRgn
PatBlt
PathToRegion
Pie
PlayEnhMetaFile
PlayMetaFile
PolyPolygon
PtInRegion
RealizePalette
Rectangle
RemoveFontResourceA
ResetDCA
RestoreDC
RoundRect
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBitsToDevice
SetMapMode
SetMetaFileBitsEx
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetTextJustification
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
StrokeAndFillPath
StrokePath
TextOutA
TextOutW
UnrealizeObject

msimg32

AlphaBlend
TransparentBlt

shell32

DragAcceptFiles
DragQueryFileA
DragQueryPoint
ExtractIconA
SHBrowseForFolderA
SHGetFileInfoA
ShellAboutA
ShellExecuteA
SHGetPathFromIDListA
SHCreateDirectoryExA

user32

AppendMenuA
AppendMenuW
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharToOemA
CharToOemBuffA
CharUpperA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CloseWindow
CopyRect
CreateAcceleratorTableA
CreateCaret
CreateCursor
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DefWindowProcW
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateA
DrawTextA
DrawTextExA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetFocus
GetIconInfo
GetKeyState
GetKeyboardState
GetMenu
GetMenuBarInfo
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetNextDlgTabItem
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMenu
GetWindow
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GetWindowWord
HideCaret
HiliteMenuItem
InsertMenuA
InsertMenuW
IntersectRect
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadIconA
LoadImageA
LoadMenuA
LockWindowUpdate
MapDialogRect
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuA
MoveWindow
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
ScrollWindowEx
SendInput
SendMessageA
SendMessageTimeoutA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClassWord
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetLayeredWindowAttributes
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoA
SetParent
SetPropA
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowWord
SetWindowsHookExA
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorA
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
ValidateRect
WaitMessage
WinHelpA
WindowFromPoint
keybd_event
wsprintfA
GetSystemMetrics

winmm

waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleCreateFromFile
OleCreateStaticFromData
OleDuplicateData
OleFlushClipboard
OleInitialize
OleSetContainedObject
OleUninitialize
ProgIDFromCLSID
ReleaseStgMedium
StgCreateDocfile
StgCreateDocfileOnILockBytes
StringFromCLSID

oleaut32

GetActiveObject
LoadTypeLi
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SysAllocStringLen
SysFreeString
VarR8FromCy
VarR8FromDec
VariantClear
VariantCopy
VariantInit

oledlg

ord4

gdiplus

GdiplusStartup
GdiplusShutdown
GdipSetSmoothingMode
GdipSetPenWidth
GdipSetPenMode
GdipSetPenLineCap197819
GdipSetPenColor
GdipSetPageUnit
GdipSaveImageToFile
GdipImageRotateFlip
GdipGetImageWidth
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipFree
GdipFillRectangleI
GdipFillRectangle
GdipFillEllipse
GdipDrawRectangle
GdipDrawPath
GdipDrawLine
GdipDrawImageRectI
GdipDrawImageI
GdipDrawEllipse
GdipDrawArc
GdipDisposeImage
GdipDeletePen
GdipDeletePath
GdipDeleteGraphics
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipCreatePath
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipClosePathFigure
GdipCloneImage
GdipCloneBrush
GdipBitmapUnlockBits
GdipBitmapSetPixel
GdipBitmapLockBits
GdipBitmapGetPixel
GdipAlloc
GdipAddPathRectangleI
GdipAddPathLineI
GdipAddPathArcI

Exports

Exports

__DbgWndProc
__GetExceptDLLinfo
__WndProc
___CPPdebugHook

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 480KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eba5c6334692b52fb9bd6cd3ed0d64b7

Headers

File Characteristics

Imports

advapi32

kernel32

version

winspool.drv

comctl32

comdlg32

gdi32

msimg32

shell32

user32

winmm

ole32

oleaut32

oledlg

gdiplus

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1.4MB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 17KB - Virtual size: 20KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 480KB - Virtual size: 484KB

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1.4MB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 17KB - Virtual size: 20KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 480KB - Virtual size: 484KB

.reloc
Size: 100KB - Virtual size: 100KB