7a4cb33f3acdc9c2ff16cc82a76355df

Sharing

Copy URL

Twitter E-mail

General

Target

7a4cb33f3acdc9c2ff16cc82a76355df
Size

84KB
MD5

7a4cb33f3acdc9c2ff16cc82a76355df
SHA1

152114afc119d14b029fb07975fea9ddf0ccfdf8
SHA256

5f837af331a09a01f47e6b00628d4cc4f2936713940e709f1d885ab3a0f35076
SHA512

e2d4d6f3b79435c67697b4bb72fcabbf186c6a5453b4b2ed75eecef7c5f8a71c2ab73dbb3b05849f76e52335d357131541c6774ca2497cc6e1664a1ee6c83003
SSDEEP

1536:CE/S54KsMeS+5bCLNok1Ri64uUlJIdqFruT4nchSyelV8oV:CE6veSsbC2yCIdqFruT4n2jelGW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a4cb33f3acdc9c2ff16cc82a76355df

Files

7a4cb33f3acdc9c2ff16cc82a76355df
.dll windows:4 windows x86 arch:x86

177a04b2fc8164ed58714d744c107f53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\WoW\WoW!Execute\Release\WoW!Execute.pdb

Imports

winmm

timeGetTime

kernel32

TlsFree
Sleep
CloseHandle
WriteFile
SetFilePointer
CreateFileA
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleFileNameA
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
VirtualQuery
ExitProcess
GetLocalTime
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
TlsAlloc
GetLastError
TlsSetValue
TlsGetValue
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
InterlockedExchange
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetStdHandle
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetSystemInfo
FlushFileBuffers

Exports

Exports

CastSpellByID
CastSpellByName
ClearTarget
EjectExecuteDLL
GetAsyncTimeMs
GetAvgFrequency
GetChatlogPath
GetCurrentEvent
GetFrequency
InjectExecuteDLL
LeftClickTarget
LuaNoReturn
PickupAllLoot
PickupLoot
RightClickTarget
SendScript
SetAddChatMessagePtr
SetAntiAFKPtr
SetAutoStoreAllLootItemsPtr
SetCastSpellByIDPtr
SetCastSpellByNamePtr
SetChatlogPath
SetClearTargetPtr
SetDetourPtr
SetFrameScriptExecutePtr
SetLeftClickPtr
SetLootSlotPtr
SetMovementPtr
SetOsGetAsyncTimeMsPtr
SetReadAllLanguages
SetRightClickPtr
StartMovement
StopMovement
TimedMovement

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

177a04b2fc8164ed58714d744c107f53

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 10KB

.shared Size: 4KB - Virtual size: 664B

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 10KB

.shared
Size: 4KB - Virtual size: 664B

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 8KB - Virtual size: 5KB