wnh64[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wnh64.dll
Size

15KB
MD5

eeddb9ca444d7d5730f1e5c1a1bc8a45
SHA1

e6ced60e38f6c55bd65c0a355215c79d83e49b78
SHA256

f728628e9e9208f36de582f8f8342f62f58feb861efca0de65587fd0f177c04b
SHA512

57db4931ea1e743506be96af64c219e8d72592914d27f81ad2bd7471ab4d942146edbc4efdced6f8d97173f7d90bcad9e346f0e28db4f690bf3bf9640f5d8b94
SSDEEP

192:ZR7rVL8lEbV/Tq4l0gx8iMyhc976ciqDLIig4RDD5:ZRlL8lEbV/Tvxfzhc9270Iigid

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wnh64.dll

Files

wnh64.dll
.dll windows:6 windows x64

dce46c327948df7428eb579482b3b0ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CreateFileW
CloseHandle
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__C_specific_handler
memmove
memcpy
_CxxThrowException
__std_type_info_destroy_list
__std_terminate
__std_exception_destroy
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_cexit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

Java_net_minecraft_client_main_Main_init_10
Java_ru_wendoxd_celestial_Starter_messageBox

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dce46c327948df7428eb579482b3b0ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 708B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 76B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 708B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 76B