sswws[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sswws.exe
Size

6.6MB
MD5

1d05f76f4424d758d0d22a8480e7e47d
SHA1

b0cefee037e88aaa835d69aea0ccdbdd5197a2f5
SHA256

45425dcc12f9f320cc02c3935e6b33893dfce631679cf093ad7eaa1c02deae3d
SHA512

8ff6dd770068cf84542d1d28869b99a53ae949d77169ef4672673f2df38d159c86c367afb2fb760707dab3acf404af6a7b1dbaa1ed33558d771391e0426b888b
SSDEEP

98304:Jnkr+jowOcjXWeTUNeKxoEKSPfF3BAUZLo6:oVcjXWeT9KxoEHnF3Vk6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sswws.exe

Files

sswws.exe
.exe windows:6 windows x64

8a2135d383c54bc960bc6e172054f188

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

kernel32

GetCurrentProcessId
RtlCaptureContext
GetCurrentProcess
GetCurrentThread
SetLastError
GetEnvironmentVariableW
GetLastError
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
GetCurrentDirectoryW
DeleteCriticalSection
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
GetFileType
GetFileInformationByHandle
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
VirtualFree
DuplicateHandle
GetCurrentThreadStackLimits
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatusEx
VirtualAlloc
GetSystemTimePreciseAsFileTime
CancelIoEx
ReadFile
GetTimeZoneInformation
CreateFileW
CloseHandle
FindNextFileW
FindFirstFileW
FindClose
Sleep
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
GetSystemInfo
VirtualProtect
VirtualLock
SwitchToFiber
DeleteFiber
CreateFiberEx
MultiByteToWideChar
RtlVirtualUnwind
GetStdHandle
WriteFile
GetModuleHandleW
GetSystemTimeAsFileTime
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
SetThreadStackGuarantee
WaitForSingleObject
CreateMutexA
DebugBreak
SetUnhandledExceptionFilter
VirtualQuery
GetModuleHandleA
GlobalAlloc
GlobalFree
GetEnvironmentVariableA
CreateFileA
SetFilePointer
InitializeCriticalSection
GetTickCount
GetModuleFileNameA
SetEvent
ResetEvent
CreateEventA
CreateThread
ExitThread
GetExitCodeThread
SuspendThread
ResumeThread
GetThreadContext
GetProcessAffinityMask
RtlLookupFunctionEntry
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
HeapSize
RaiseException
WriteConsoleW
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FindFirstFileExW
OutputDebugStringW
SetCurrentDirectoryW
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
SetEndOfFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCPInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
SetFilePointerEx
DeleteFileW
SetStdHandle
GetFileAttributesExW
AddVectoredExceptionHandler
InitializeCriticalSectionAndSpinCount
SetConsoleOutputCP
GetConsoleOutputCP
SetConsoleCP
GetConsoleCP
IsValidCodePage
ReleaseMutex
ExitProcess
GetModuleHandleExW
TlsFree

ws2_32

gethostbyname
WSAStartup
socket
WSAIoctl
closesocket
getaddrinfo
WSASocketW
setsockopt
bind
listen
shutdown
connect
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
freeaddrinfo
htonl
WSACleanup
htons
select
getsockopt
ioctlsocket
getpeername
inet_ntop
WSARecv
WSAGetOverlappedResult
WSASend
WSAGetLastError
ntohs
getsockname

dbghelp

SymGetOptions
StackWalk64
SymGetLineFromAddrW64
SymGetModuleInfoW64
SymGetModuleBase64
SymFromAddrW
SymSetOptions
SymInitializeW

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

Exports

Exports

_libiconv_version

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a2135d383c54bc960bc6e172054f188

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

dbghelp

bcrypt

user32

crypt32

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 30KB - Virtual size: 1.5MB

.pdata Size: 216KB - Virtual size: 215KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 30KB - Virtual size: 1.5MB

.pdata
Size: 216KB - Virtual size: 215KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 42KB - Virtual size: 41KB