pwcreator[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pwcreator.exe
Size

656KB
MD5

39290a0c664a443308ccc12b60c230bb
SHA1

360b23495115879c2b3c3842ea7a671927612823
SHA256

bed22501fc80cc17ec37091d57ec7915a13db74a169a10197114844faa6af38b
SHA512

20b75b1dae86068de511abdc9975c376573b078d1341b9d5747813782873280ba5bf725de94c2e371ab7f6cae1c05a05c69450d63716bc7ad4346e1dc7a7b898
SSDEEP

6144:aa/z5ukx7TsT88ZJs7qpMCdAN3c8f26C0hWH8Uz0JicIEsSLUcTlWC0W6:aa/FukNB8ZOAdAN3cy26HWH8vzRWCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pwcreator.exe

Files

pwcreator.exe
.exe windows:10 windows x86

781dd11dfc3ea4e25300a115470f6d6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegDeleteValueW
EventUnregister
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
RegEnumKeyExW
GetTraceLoggerHandle
RegCreateKeyExW
EventRegister
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
EventSetInformation
EventWriteTransfer
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RegUnLoadKeyW
RegLoadKeyW
GetTokenInformation
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
EventActivityIdControl
QueryTraceW
ControlTraceW
EnableTrace
StartTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWrite
OpenProcessToken
InitiateSystemShutdownExW
GetSecurityDescriptorSacl

kernel32

UnmapViewOfFile
GetFileSizeEx
QueryDosDeviceW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
GetCurrentThread
CreateFileMappingW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFileAttributesW
SizeofResource
GetTempPathW
GetLastError
LockResource
FindResourceExW
LoadResource
LocalAlloc
GetModuleHandleExW
SearchPathW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
GetVersionExW
GetFileInformationByHandle
CreateDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
RaiseException
MultiByteToWideChar
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
GetCurrentProcessId
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
WideCharToMultiByte
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
LoadLibraryW
FormatMessageW
CloseHandle
LocalFree
lstrlenW
MoveFileExW
GetTempFileNameW
CopyFileExW
DeleteFileW
GetNativeSystemInfo
CreateFileW
CreateEventW
WaitForSingleObject
SetEvent
CreateMutexW
QueueUserWorkItem
GlobalFree
WriteFile
FlushFileBuffers
DeviceIoControl
SetThreadExecutionState
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
FindNextFileW

user32

PeekMessageW
DispatchMessageW
GetMessageW
SetWindowLongW
GetWindowTextW
DestroyWindow
TranslateMessage
PostThreadMessageW
GetAncestor
SendMessageW
InvalidateRect
PostMessageW
IsWindowVisible
SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
GetWindowTextLengthW
GetClientRect
IsWindowEnabled
GetDlgItem
GetParent
EnableWindow
SendMessageTimeoutW
EnumWindows
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetActiveWindow
GetSystemMetrics
DestroyIcon
UnregisterClassA
ShowWindow
CharNextW
SetForegroundWindow
IsIconic

msvcrt

__iob_func
_wcstoui64
wcsrchr
__RTDynamicCast
??3@YAXPAX@Z
_wcsupr
bsearch
wcsncmp
fwprintf
_vsnwprintf_s
fflush
swprintf_s
iswalpha
_wcsnicmp
wcschr
vsprintf_s
_vscprintf
strchr
_vscwprintf
vswprintf_s
memcpy_s
__CxxFrameHandler3
wcstoul
wcsstr
_wcsicmp
??0exception@@QAE@ABQBD@Z
memmove
_ftol2_sse
_controlfp
memmove_s
??_V@YAXPAX@Z
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
free
_except_handler4_common
memcpy
?terminate@@YAXXZ
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
wcscpy_s
memset
_vsnwprintf
wcsncpy_s
malloc

comctl32

InitCommonControlsEx
PropertySheetW
DestroyPropertySheetPage
ord381
CreatePropertySheetPageW

shlwapi

PathFileExistsW
PathStripPathW
PathAppendW
StrFormatByteSizeW
PathRemoveBackslashW

ole32

CoGetObject
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateGuid
CLSIDFromString
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SysStringLen
VariantCopy
VariantClear

devobj

DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjOpenDeviceInfo
DevObjGetDeviceInterfaceDetail
DevObjGetClassDevs
DevObjCreateDeviceInfoList

fveapi

FveIsPassphraseCompatibleW
FveCloseHandle
FveCheckPassphrasePolicy
FveOpenVolumeW

winbrand

BrandingFormatString

ntdll

NtSetInformationThread
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
LdrAccessResource
LdrFindResource_U
RtlCompareMemory
NtQuerySystemInformation
NtQueryVolumeInformationFile
WinSqmStartSession
WinSqmEndSession
WinSqmAddToStreamEx
WinSqmSetDWORD
RtlInitUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtClose
RtlNtStatusToDosError
RtlCheckPortableOperatingSystem
NtQueryInformationProcess
NtOpenProcess
RtlStringFromGUID
NtDeviceIoControlFile
RtlImageNtHeader
NtCreateEvent
NtQueryInformationFile
NtQueryInformationThread
NtWaitForSingleObject
NtOpenFile
RtlFreeUnicodeString

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

setupapi

SetupDiGetClassDevsExW
CM_Get_Parent
CM_Request_Device_EjectW
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupDiOpenDeviceInfoW

wimgapi

WIMApplyImage
WIMSetTemporaryPath
WIMRegisterMessageCallback
WIMLoadImage
WIMGetImageInformation
WIMUnregisterLogFile
WIMRegisterLogFile
WIMGetImageCount
WIMCloseHandle
WIMUnregisterMessageCallback
WIMCreateFile

rpcrt4

UuidCreate

imagehlp

CheckSumMappedFile

bcd

BcdQueryObject
BcdOpenObject
BcdCloseObject
BcdSetElementData
BcdForciblyUnloadStore
BcdDeleteObject
BcdOpenStoreFromFile
BcdCopyObjects
BcdCreateStore
BcdSetElementDataWithFlags
BcdCloseStore
BcdEnumerateObjects
BcdDeleteElement
BcdMarkAsSystemStore
BcdGetElementData
BcdCopyObjectEx
SyspartGetSystemPartition

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

781dd11dfc3ea4e25300a115470f6d6b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

comctl32

shlwapi

ole32

oleaut32

devobj

fveapi

winbrand

ntdll

shell32

setupapi

wimgapi

rpcrt4

imagehlp

bcd

Sections

.text Size: 389KB - Virtual size: 389KB

.data Size: 9KB - Virtual size: 11KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 216KB - Virtual size: 216KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 389KB - Virtual size: 389KB

.data
Size: 9KB - Virtual size: 11KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 216KB - Virtual size: 216KB

.reloc
Size: 29KB - Virtual size: 28KB