WMSServer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WMSServer.exe
Size

167KB
MD5

a2f143a48808017065668199e231f60d
SHA1

558fe2c874310f8ecbbe2ea87d0161e54d375c80
SHA256

8ec09acdb87b98652483b44ea2e8e6f1a82dd42a094eade301f6bef2aed2eba3
SHA512

bdcaf683e2c27cc6a5171daa4331841acf0e90204e4a1a6772bdd748f7044194c485a87b400fb0e4dfca03b8c06fbb4fc503e604c36b491a61f88c4e576f7b41
SSDEEP

3072:sat1IN7lN7roauQmRVxBJ2Ln/Tb28W/WrL1ArL1urN7:s7n7+Z/2/u07

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WMSServer.exe

Files

WMSServer.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ