d6d72d994a4f25339e92933c6ee37be9558ee09e30a910a8b967913f93ac83d3

Sharing

Copy URL Twitter E-mail

General

Target

d6d72d994a4f25339e92933c6ee37be9558ee09e30a910a8b967913f93ac83d3
Size

11.0MB
MD5

363ecdd6c087c358b79c2041fcb25f72
SHA1

35693165bb13f0ac7a0b94f9adf0a2ce516af1f7
SHA256

d6d72d994a4f25339e92933c6ee37be9558ee09e30a910a8b967913f93ac83d3
SHA512

63035575b717874060a6592353cf43c6383034b18090b8941abfb64434a179aff6893c37676b817bc3a67e3923730a3e0f82e18b584de6decf2cb52dbe3a33bb
SSDEEP

196608:hD9pnA8YjmzUgjpnKCKKZSzFZOv/27E4Pl8IXv8DpqLY4OVKYKuN3qEtCajusom7:hffbzU6pnKCLZSxZO32MI2pqLNO0903z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WKTools v1.0.0.11 20221031 64bit/WKTools.exe

Files

d6d72d994a4f25339e92933c6ee37be9558ee09e30a910a8b967913f93ac83d3
.zip
WKTools v1.0.0.11 20221031 64bit/WKTools.exe
.exe windows:6 windows x64

696011b1a9d48a5edfc57186c6ca6cb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
GetVersion
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ScrollWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SetTextAlign

msimg32

TransparentBlt

winspool.drv

ClosePrinter

advapi32

QueryServiceStatusEx

shell32

SHGetSpecialFolderPathW

comctl32

ImageList_GetImageCount

shlwapi

StrCpyW

uxtheme

DrawThemeText

ole32

IsAccelerator

oleaut32

VarBstrFromDate

oledlg

OleUIAddVerbMenuW

dbghelp

MiniDumpWriteDump

odbc32

ord139

crypt32

CryptProtectData

version

GetFileVersionInfoW

wintrust

CryptCATAdminAcquireContext

netapi32

NetApiBufferFree

ws2_32

inet_ntoa

gdiplus

GdipCreateFromHDC

oleacc

LresultFromObject

wininet

InternetSetStatusCallbackW

imm32

ImmReleaseContext

winmm

PlaySoundW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZF0
Size: - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ZF1
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WKTools v1.0.0.11 20221031 64bit/process_cn.png
.png
WKTools v1.0.0.11 20221031 64bit/说明.txt

Sharing

General

Malware Config

Signatures

Files

696011b1a9d48a5edfc57186c6ca6cb3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

dbghelp

odbc32

crypt32

version

wintrust

netapi32

ws2_32

gdiplus

oleacc

wininet

imm32

winmm

wtsapi32

Sections

.text Size: - Virtual size: 4.2MB

.rdata Size: - Virtual size: 1.7MB

.data Size: - Virtual size: 468KB

.pdata Size: - Virtual size: 186KB

.ZF0 Size: - Virtual size: 8.4MB

.ZF1 Size: 11.2MB - Virtual size: 11.2MB

.rsrc Size: 124KB - Virtual size: 124KB

.text
Size: - Virtual size: 4.2MB

.rdata
Size: - Virtual size: 1.7MB

.data
Size: - Virtual size: 468KB

.pdata
Size: - Virtual size: 186KB

.ZF0
Size: - Virtual size: 8.4MB

.ZF1
Size: 11.2MB - Virtual size: 11.2MB

.rsrc
Size: 124KB - Virtual size: 124KB