Weave_Manager[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Weave_Manager.exe
Size

10.1MB
MD5

21ec35790ef312a8f97b57e7f8a63220
SHA1

821769ef270128d8bc8abef0d0b22b69d49c0056
SHA256

757a7e0bb5a8f49c75caf1944fec52dd9989d19137b90b60e54484e1a1e67289
SHA512

e409bba23b7b3e53116cfb35dc3601522ef027eea578a7c71e5a4fb9aff1297b49947ef77d88eccac6973db0f24cd675fc704d3ef8d1c4438e7b7c10afd47ff0
SSDEEP

98304:R2+khqX/bG9bd+dtt1sbtyJHd3UXjj6rqUcDd+mJG1sLFq991:o7CGB+VaIkuCLS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Weave_Manager.exe

Files

Weave_Manager.exe
.exe windows:6 windows x64 arch:x64

0585a8e3c17378b274862dccffe9de07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\TT-PC\Downloads\WEVEMANGWERUBtIWATWORKSTUARI\Weave-Manager-master\src-tauri\target\release\deps\app.pdb

Imports

kernel32

GetSystemTimeAsFileTime
TlsGetValue
CreateThread
WriteConsoleW
MultiByteToWideChar
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
UnhandledExceptionFilter
CreateNamedPipeW
GetFullPathNameW
ExitProcess
GetConsoleMode
CreateEventW
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindNextFileW
CreateMutexA
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
TlsSetValue
LoadLibraryW
LCIDToLocaleName
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
GetUserDefaultUILanguage
WaitForSingleObject
SetEvent
SetUnhandledExceptionFilter
LoadLibraryExW
IsProcessorFeaturePresent
GetEnvironmentVariableW
Sleep
GetModuleHandleA
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibrary
GetProcAddress
GetCurrentThread
SwitchToThread
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryA
FormatMessageW
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
SetFileTime
lstrlenW
IsDebuggerPresent
InitializeSListHead
ResetEvent
DeleteCriticalSection
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
DuplicateHandle
GetCurrentProcess
CreatePipe
TryAcquireSRWLockExclusive
ReleaseSemaphore
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FindClose
ReadDirectoryChangesW
CreateSemaphoreW
CreateFileW
CancelIo
EncodePointer
LocalFree
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
SleepConditionVariableSRW
FreeEnvironmentStringsW
WaitForSingleObjectEx
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
GetModuleHandleW
GetCurrentThreadId
TlsAlloc
TlsFree
SetHandleInformation
CloseHandle
GetCurrentProcessId
ReleaseSRWLockExclusive
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
GetSystemInfo
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
CreateIoCompletionPort
ReadProcessMemory
GetQueuedCompletionStatusEx
VirtualQueryEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
SetFileCompletionNotificationModes
GetExitCodeProcess
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
ReadFileEx
AcquireSRWLockExclusive
OpenProcess
GetProcessIoCounters
GetProcessTimes
GetSystemTimes
RtlUnwind

user32

MonitorFromPoint
EnumDisplayMonitors
DestroyAcceleratorTable
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
PostQuitMessage
SendInput
AppendMenuW
CreatePopupMenu
CreateMenu
CheckMenuItem
SetMenuItemInfoW
GetWindowLongPtrW
ValidateRect
SetWindowDisplayAffinity
GetMenu
SetCursor
SystemParametersInfoA
DestroyIcon
CreateIcon
GetRawInputData
SetForegroundWindow
GetDC
VkKeyScanW
TrackPopupMenu
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
IsProcessDPIAware
GetKeyboardState
SetWindowTextW
MonitorFromRect
ShowCursor
ClipCursor
TrackMouseEvent
GetWindowTextLengthW
GetClipCursor
GetWindowTextW
ToUnicodeEx
CreateAcceleratorTableW
GetMessageA
SetWindowLongW
LoadCursorW
GetWindowLongW
DispatchMessageA
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
PostThreadMessageW
GetClientRect
TranslateAcceleratorW
ClientToScreen
SendMessageW
EnableMenuItem
GetSystemMenu
ShowWindow
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
GetKeyboardLayout
RegisterClassExW
RegisterWindowMessageA
GetAncestor
GetMessageW
EnumChildWindows
MapVirtualKeyW
InvalidateRgn
SetWindowPos
RegisterTouchWindow
GetSystemMetrics
DispatchMessageW
TranslateMessage
PeekMessageW
RedrawWindow
IsWindow
CreateWindowExW
RegisterClassW
PostMessageW
DestroyWindow
SetCursorPos
GetForegroundWindow
GetActiveWindow
IsIconic
SetMenu
ReleaseCapture
GetMonitorInfoW
GetUpdateRect
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc
TaskDialogIndirect

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemAlloc
RevokeDragDrop
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
RegisterDragDrop
OleInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

shell32

DragQueryFileW
CommandLineToArgvW
DragFinish
SHGetKnownFolderPath
ShellExecuteW
SHAppBarMessage
Shell_NotifyIconGetRect
Shell_NotifyIconW

advapi32

GetTokenInformation
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
SystemFunction036

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
VariantClear
SysAllocString
SysFreeString

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
getaddrinfo
closesocket
freeaddrinfo
WSACleanup
WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
WSAIoctl
setsockopt

secur32

DeleteSecurityContext
QueryContextAttributesW
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
LsaEnumerateLogonSessions
ApplyControlToken
LsaFreeReturnBuffer
LsaGetLogonSessionData

crypt32

CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateChain
CertDuplicateStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy

ntdll

NtCreateFile
NtQueryInformationProcess
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtReadFile
RtlGetVersion
NtQuerySystemInformation

pdh

PdhOpenQueryA
PdhCloseQuery
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter

powrprof

CallNtPowerInformation

iphlpapi

GetAdaptersAddresses
GetIfEntry2
FreeMibTable
GetIfTable2

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups
NetUserEnum

psapi

GetModuleFileNameExW
GetPerformanceInfo

api-ms-win-crt-math-l1-1-0

trunc
floor
__setusermatherr
pow
round

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
_wcsicmp
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
calloc
free

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_initialize_onexit_table
_set_app_type
__p___argc
abort
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_seh_filter_exe
terminate
_initterm_e
__p___argv
exit
_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0585a8e3c17378b274862dccffe9de07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

oleaut32

uxtheme

bcrypt

ws2_32

secur32

crypt32

ntdll

pdh

powrprof

iphlpapi

netapi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 13KB - Virtual size: 16KB

.pdata Size: 365KB - Virtual size: 365KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 13KB - Virtual size: 16KB

.pdata
Size: 365KB - Virtual size: 365KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 47KB - Virtual size: 47KB