0439a6aca4f24f1934acb1da8bcf7de1

Sharing

Copy URL Twitter E-mail

General

Target

0439a6aca4f24f1934acb1da8bcf7de1
Size

1.1MB
MD5

0439a6aca4f24f1934acb1da8bcf7de1
SHA1

b7cb11460eb0bc081133a32971ad713524e57385
SHA256

14ee17c628ec72b1bcbc493c7e05dc49f452301fbb45bd11c26ab8014a1ff2df
SHA512

c079cbef63fe4710e8ade876fc59b17a7a3e96d11bc42ec5be6303eb0c33d88c4189fcd77d02b819068558d33afb9228b7cfb0464e7e9bb7045617886d11eacb
SSDEEP

24576:btzy9FGDyLp8I26AddJwlRBXBXRfR+8m+M7G:btzy/GDm8IZAdv8RTXH6G

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wfCalc/PlugIns/DigiConv.dll
unpack001/wfCalc/PlugIns/LICalc.dll
unpack001/wfCalc/PlugIns/MGraph.dll
unpack001/wfCalc/PlugIns/MeasConv.dll

Files

0439a6aca4f24f1934acb1da8bcf7de1
.rar
wfCalc/License.txt
wfCalc/PlugIns/DigiConv.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadWFsoftPlugInsForm
WFsoftPlugInsAuthor
WFsoftPlugInsDate
WFsoftPlugInsDescription
WFsoftPlugInsSoftware
WFsoftPlugInsVersion
WFsoftPlugInsWebsite

Sections

CODE
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wfCalc/PlugIns/LICalc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadWFsoftPlugInsForm
WFsoftPlugInsAuthor
WFsoftPlugInsDate
WFsoftPlugInsDescription
WFsoftPlugInsSoftware
WFsoftPlugInsVersion
WFsoftPlugInsWebsite

Sections

CODE
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wfCalc/PlugIns/MGraph.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadWFsoftPlugInsForm
WFsoftPlugInsAuthor
WFsoftPlugInsDate
WFsoftPlugInsDescription
WFsoftPlugInsSoftware
WFsoftPlugInsVersion
WFsoftPlugInsWebsite

Sections

CODE
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wfCalc/PlugIns/MeasConv.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadWFsoftPlugInsForm
WFsoftPlugInsAuthor
WFsoftPlugInsDate
WFsoftPlugInsDescription
WFsoftPlugInsSoftware
WFsoftPlugInsVersion
WFsoftPlugInsWebsite

Sections

CODE
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wfCalc/Readme.txt
wfCalc/Skin/01-橄榄-Royale.skn
wfCalc/Skin/02-天蓝-Royale.skn
wfCalc/Skin/03-灰蓝-Royale.skn
wfCalc/Skin/04-石墨-Royale.skn
wfCalc/Skin/05-橄榄-Longhorn.skn
wfCalc/Skin/06-天蓝-Longhorn.skn
wfCalc/Skin/07-银灰-Longhorn.skn
wfCalc/Skin/08-钢青-Longhorn.skn
wfCalc/Skin/09-橄榄-Sustenance.skn
.ps1
wfCalc/Skin/10-天蓝-Sustenance.skn
wfCalc/Skin/11-灰蓝-Sustenance.skn
wfCalc/Skin/12-银灰-Sustenance.skn
wfCalc/Skin/13-石墨-Sustenance.skn
wfCalc/help.chm
.chm

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 343KB - Virtual size: 342KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 272B

.reloc Size: 25KB - Virtual size: 25KB

.rsrc Size: 22KB - Virtual size: 22KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 337KB - Virtual size: 336KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 270B

.reloc Size: 24KB - Virtual size: 24KB

.rsrc Size: 23KB - Virtual size: 23KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 375KB - Virtual size: 375KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 270B

.reloc Size: 26KB - Virtual size: 25KB

.rsrc Size: 22KB - Virtual size: 22KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 343KB - Virtual size: 343KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 272B

.reloc Size: 25KB - Virtual size: 25KB

.rsrc Size: 22KB - Virtual size: 22KB

CODE
Size: 343KB - Virtual size: 342KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 272B

.reloc
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 22KB - Virtual size: 22KB

CODE
Size: 337KB - Virtual size: 336KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 270B

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 23KB - Virtual size: 23KB

CODE
Size: 375KB - Virtual size: 375KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 270B

.reloc
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 22KB - Virtual size: 22KB

CODE
Size: 343KB - Virtual size: 343KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.edata
Size: 512B - Virtual size: 272B

.reloc
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 22KB - Virtual size: 22KB