a1efc23097a874b173b90ee76a2fd75b0d1085233fc2495bf2e2aa636460c903

Sharing

Copy URL Twitter E-mail

General

Target

a1efc23097a874b173b90ee76a2fd75b0d1085233fc2495bf2e2aa636460c903
Size

84KB
MD5

03b953790a1770253301fa7d4f5ea225
SHA1

08e56cd9de3b381a4261890f209483995ca3f9ff
SHA256

a1efc23097a874b173b90ee76a2fd75b0d1085233fc2495bf2e2aa636460c903
SHA512

6c56d3d8ed9272667aa8ad4eb8aa2004c5da6f7a69a2003fe62a7b14481f3d5367ba982c3ab31f5b338febf3e6facf049ce08fa027bab8df6f290dfde504c5fd
SSDEEP

1536:1fdeVOcp/SPFM3XjDI4TKMmRlnZzFZhqRZW8ekRgP/fqCBap2D4FK6BZFR7D+LJy:1Fdcp/fXjDI4T5mR9rT8ekyyCBoe4s6D

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/womtrust.dll
unpack001/wontrust.dll

Files

a1efc23097a874b173b90ee76a2fd75b0d1085233fc2495bf2e2aa636460c903
.zip
womtrust.dll
.dll regsvr32 windows:6 windows x64

804df78f28d79db45ff0710e86813c0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

CreateFileW
LoadLibraryA
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
RaiseException
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
ComputeFirstPageHash
ConfigCiFinalPolicy
CryptCATAdminAcquireContext
CryptCATAdminAcquireContext2
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATAllocSortedMemberInfo
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATFreeSortedMemberInfo
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTGetSignatureInfo
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsChainedToMicrosoft
WTHelperIsChainedToMicrosoftFromStateData
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfo2Decode
WVTAsn1CatMemberInfo2Encode
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1IntentToSealAttributeDecode
WVTAsn1IntentToSealAttributeEncode
WVTAsn1SealingSignatureAttributeDecode
WVTAsn1SealingSignatureAttributeEncode
WVTAsn1SealingTimestampAttributeDecode
WVTAsn1SealingTimestampAttributeEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetDefaultIncludePEPageHashes
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wontrust.dll
.dll regsvr32 windows:5 windows x86

9b16a1bf9bedd42ddef7c3eff3d83502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

CreateFileW
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
RaiseException
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
ComputeFirstPageHash
ConfigCiFinalPolicy
CryptCATAdminAcquireContext
CryptCATAdminAcquireContext2
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATAllocSortedMemberInfo
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATFreeSortedMemberInfo
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTGetSignatureInfo
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsChainedToMicrosoft
WTHelperIsChainedToMicrosoftFromStateData
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfo2Decode
WVTAsn1CatMemberInfo2Encode
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1IntentToSealAttributeDecode
WVTAsn1IntentToSealAttributeEncode
WVTAsn1SealingSignatureAttributeDecode
WVTAsn1SealingSignatureAttributeEncode
WVTAsn1SealingTimestampAttributeDecode
WVTAsn1SealingTimestampAttributeEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetDefaultIncludePEPageHashes
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

804df78f28d79db45ff0710e86813c0f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

9b16a1bf9bedd42ddef7c3eff3d83502

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB