e4ffd8e0c99a3e374632d441d0386dbf5be12459a1939518d82f15e8a5ed236e

Sharing

Copy URL Twitter E-mail

General

Target

e4ffd8e0c99a3e374632d441d0386dbf5be12459a1939518d82f15e8a5ed236e
Size

2.1MB
MD5

2206dbf10c61c42c1bccc2dff2a843d9
SHA1

653412919b03fb1225a41b5de93e8623a5a97f35
SHA256

e4ffd8e0c99a3e374632d441d0386dbf5be12459a1939518d82f15e8a5ed236e
SHA512

66a34f8d5a4d259ce7d61511a25a13335d77de9890d33b9b1907a423d8337d7714944b403a56a934b3579e11d6acd1a57a9823c55cc197f4eebc595c8d67c314
SSDEEP

49152:0L5/qZEcQZ1CdwqyFxdqQTOjczhwUaWGJgQi/q5aHgAc:cCZFQowZFLQYWWKgQiH4

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WxDatViewerAutoExportRust.exe
unpack001/libWxIkunPlus.dll

Files

e4ffd8e0c99a3e374632d441d0386dbf5be12459a1939518d82f15e8a5ed236e
.zip
WxDatViewerAutoExportRust.exe
.exe windows:6 windows x64

d5309c0392b4094d6c992175efb7160a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libwxikunplus

_setWinIcon
_setStartup
_setCloseWindow
_openSelectFolder
_set_tray
_setShowWindows

ws2_32

__WSAFDIsSet
select

comctl32

_TrackMouseEvent

gdi32

Polyline
PolyPolygon
Pie
Arc
Polygon
MoveToEx
SelectClipRgn
RectInRegion
LineTo
EqualRgn
SetStretchBltMode
StretchDIBits
CombineRgn
CreateBitmap
CreateRectRgn
DeleteObject
GetDeviceCaps
GetRgnBox
RestoreDC
SaveDC
SelectObject
SetBkMode
SetDIBitsToDevice
SetTextAlign
UpdateColors
GetEnhMetaFileHeader
PlayEnhMetaFile
CreateDIBSection
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
ExtCreateRegion
GetRegionData
GetWindowOrgEx
SelectPalette
SetPixel
CreatePolygonRgn
LPtoDP
SetWindowOrgEx
OffsetRgn
GetDCOrgEx
GetDIBits
GetObjectA
GdiFlush
CreatePalette
CreatePen
CreateSolidBrush
GetStockObject
RealizePalette
ExtCreatePen
CreateFontW
EnumFontFamiliesW
GetGlyphOutlineW
GetTextExtentPoint32W
GetCharacterPlacementW
SetTextColor
GetTextMetricsA
TextOutW
DPtoLP
StretchBlt

ole32

RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
OleInitialize

shell32

DragQueryFileW
ShellExecuteA
SHGetFolderPathW

advapi32

SystemFunction036

user32

SetActiveWindow
GetWindow
GetParent
SetWindowLongA
SetRect
SetWindowTextW
SetWindowRgn
PostMessageA
GetForegroundWindow
SystemParametersInfoA
CreateIconIndirect
DestroyIcon
LoadIconA
LoadCursorA
GetWindowLongA
MapWindowPoints
ClientToScreen
GetCursorPos
GetSysColor
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
ValidateRgn
InvalidateRect
GetUpdateRgn
ReleaseDC
GetDC
GetSystemMetrics
SetForegroundWindow
ReleaseCapture
SetCapture
GetAsyncKeyState
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
CloseClipboard
OpenClipboard
BringWindowToTop
IsIconic
GetWindowPlacement
SetWindowPos
OpenIcon
DestroyWindow
WindowFromPoint
CreateWindowExW
CreateWindowExA
RegisterClassExW
DefWindowProcW
SendMessageA
PeekMessageW
PeekMessageA
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
GetKeyboardLayout
SetWindowLongPtrA
GetWindowLongPtrA
SetLayeredWindowAttributes
ShowWindow
MessageBeep
PostThreadMessageA
MessageBoxA
FillRect
GetKeyboardState
MsgWaitForMultipleObjects
IsWindow

kernel32

CreateEventW
GetModuleHandleW
GetModuleFileNameW
ExitProcess
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CreateDirectoryW
GetFileInformationByHandleEx
ResetEvent
RtlUnwind
TlsAlloc
TlsFree
LoadLibraryExW
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateMutexA
AcquireSRWLockShared
QueryPerformanceFrequency
TerminateProcess
GetStdHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
ReleaseSRWLockShared
ReleaseMutex
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetConsoleMode
GetFileInformationByHandle
ReleaseSemaphore
ReadDirectoryChangesW
CreateSemaphoreW
CancelIo
TryAcquireSRWLockExclusive
TryEnterCriticalSection
AreFileApisANSI
ReadFile
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
UnmapViewOfFile
HeapValidate
HeapSize
Sleep
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
MulDiv
GetFileAttributesW
GetLogicalDrives
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
LoadLibraryW
GetComputerNameA
GetACP
LocalFree
FormatMessageW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileW

gdiplus

GdipCreatePen1
GdipDeletePen
GdipSetPenDashArray
GdipSetPenDashStyle
GdipGetPenWidth
GdipSetPenWidth
GdipFillPieI
GdipDrawArcI
GdipAddPathPolygonI
GdipCreateSolidFill
GdipDrawPath
GdipDrawLineI
GdipScaleWorldTransform
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenColor
GdiplusShutdown
GdipSetSolidFillColor
GdipFillPath
GdipAddPathLine2I
GdipFree
GdipAlloc
GdipAddPathLineI
GdipAddPathLine2
GdipClosePathFigure
GdipDeleteBrush
GdipDeletePath
GdipCloneBrush
GdipCreatePath
GdiplusStartup
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

sqrtf
acos
fmodf
round
floorf
cosf
ceilf
__setusermatherr
atan2f
acosf
sqrt
roundf
tanf
ceil
floor
lround
cos
sin
sinf
pow
log

api-ms-win-crt-string-l1-1-0

_strdup
wcsncmp
isdigit
strcspn
_stricmp
islower
strlen
strcmp
strncpy
isprint
isalnum
isspace
isxdigit
strcpy_s
strncmp
isalpha
tolower
toupper
isupper

api-ms-win-crt-stdio-l1-1-0

ftell
_wsopen_dispatch
__stdio_common_vfscanf
getc
fgets
__stdio_common_vsprintf
fseek
__stdio_common_vsscanf
fwrite
fread
ferror
_close
feof
_wopen
_lseeki64
__stdio_common_vfprintf
fputc
_read
fflush
__acrt_iob_func
fopen
_wfopen
_set_fmode
_open
_write
__p__commode
fclose

api-ms-win-crt-heap-l1-1-0

_msize
calloc
malloc
realloc
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

mbstowcs
_strtoi64
strtol
atol
atoi
wcstombs

api-ms-win-crt-runtime-l1-1-0

_c_exit
strerror
_register_thread_local_exe_atexit_callback
_crt_atexit
_errno
_exit
abort
__p___argc
_wsystem
_initterm_e
_initterm
_get_initial_narrow_environment
__p___argv
raise
_initialize_onexit_table
exit
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
_beginthreadex
_cexit
_endthreadex

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_ftime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_create_locale
setlocale
localeconv

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_wmkdir
_waccess
_wchdir
_wrename
_wstat64i32
_wchmod
_wrmdir
_stat64i32
_wunlink

api-ms-win-crt-environment-l1-1-0

_wgetcwd
_wgetenv
_wputenv
getenv

api-ms-win-crt-process-l1-1-0

_wexecvp

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 839KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libWxIkunPlus.dll
.dll windows:6 windows x64

1c93624877e61eb06804c4cf9446f8cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetProcAddress
LoadLibraryA
OpenMutexA
CloseHandle
GetLastError
CreateMutexA
GetThreadId
GetModuleHandleW
K32GetModuleFileNameExA
GetCurrentProcessId
OpenProcess
GetModuleHandleA
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEnvironmentVariableW
HeapAlloc
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
HeapFree
RtlUnwind

user32

CloseWindow
PostThreadMessageW
DestroyMenu
DestroyWindow
SetActiveWindow
SetFocus
IsWindowVisible
IsWindow
SetWindowPos
GetWindowLongW
GetWindowRect
DispatchMessageW
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorW
DefWindowProcW
TrackPopupMenu
SetMenuDefaultItem
ModifyMenuA
AppendMenuA
EnableMenuItem
InsertMenuA
CreatePopupMenu
SetForegroundWindow
GetCursorPos
PostQuitMessage
LoadIconW

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ExtractIconA
SHBrowseForFolderA
Shell_NotifyIconA
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree

Exports

Exports

_createMutex
_hasMutex
_openSelectFolder
_removeMutex
_setCloseWindow
_setShowWindows
_setStartup
_setWinIcon
_setWindowsTop
_set_tray

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5309c0392b4094d6c992175efb7160a

Headers

DLL Characteristics

File Characteristics

Imports

libwxikunplus

ws2_32

comctl32

gdi32

ole32

shell32

advapi32

user32

kernel32

gdiplus

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-process-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 839KB - Virtual size: 838KB

.data Size: 37KB - Virtual size: 62KB

.pdata Size: 148KB - Virtual size: 147KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 162KB - Virtual size: 161KB

.reloc Size: 14KB - Virtual size: 14KB

1c93624877e61eb06804c4cf9446f8cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 839KB - Virtual size: 838KB

.data
Size: 37KB - Virtual size: 62KB

.pdata
Size: 148KB - Virtual size: 147KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 162KB - Virtual size: 161KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 2KB