APT28wmsApplication[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

APT28wmsApplication.exe
Size

192KB
MD5

92b90b0208805daaa8ab45fa19d36b14
SHA1

657b3e726b56618577f4fb2cbe7c8b7f9bab8dcf
SHA256

6f2589be92c2d0fa6050e52fbedb967c2590a8abbc4a9459fb7f78bc52407195
SHA512

21290d68aca3ac47e48d9ba04290bf8ac5824fdd6cd29c135aadd6bc138cf3a37782cfbce231dc63fab4ed3343de5ff0766383ee784c07628e3ba23b964a8715
SSDEEP

3072:Flnoi11sepXwT57rrr+sjvbGADINlGVSvWej5fe:Po4+eU52qb1DGs6Wk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
APT28wmsApplication.exe

Files

APT28wmsApplication.exe
.exe windows:5 windows x86 arch:x86

287595010a7d7f2e14aec2068098ad43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetVolumeInformationW
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
CreateDirectoryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetComputerNameA
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
GetLocaleInfoW
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCPInfo
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetProcessHeap

user32

UpdateWindow
CreateWindowExW
ShowWindow
DefWindowProcW
LoadIconW
RegisterClassExW
TranslateMessage
BeginPaint
DispatchMessageW
GetDesktopWindow
EndPaint
SetTimer
GetWindowRect
GetMessageW
PostQuitMessage
KillTimer
LoadCursorW

gdi32

TextOutW

shell32

ShellExecuteW

ws2_32

send
closesocket
socket
recv
WSACleanup
shutdown
htons
inet_addr
WSAStartup
connect

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

287595010a7d7f2e14aec2068098ad43

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB