Static task
static1
Behavioral task
behavioral1
Sample
wvsc.exe
Resource
win11-20240221-en
General
-
Target
wvsc.exe
-
Size
18.5MB
-
MD5
fa69e341a2d1b1f9827a5fdb2849ece3
-
SHA1
644266b5c8e1dd1fc16f4d0cdd4414b89e4abaf7
-
SHA256
549d3a52cd9b25d24fc547f25a9e6615501a18142baa362199f4f82577a48edf
-
SHA512
7ce6fae1ac232e1d54ba652800a869dadfb2e6f0b2b6922972e66302a3e611b4248ba92fd08502aaa7dbe682def75e54636b426c26a976c746206067c7c82e2a
-
SSDEEP
393216:sMTLIzs73BcvUPKcn7jdylXq/zqc83+4szhnjPIK8xHCJNop:s0I0BQUicn7jAlYz983+DzhMJxiJC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the file is unsigned, so its publisher and integrity cannot be verified from a signature.
resource wvsc.exe
Files
-
wvsc.exe.exe windows:6 windows x64 arch:x64
a38490bc4899c77baf435d35fbe27e2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
zlib
get_crc_table
kernel32
GetVersion
GetVersionExW
v8
?NewDefaultAllocator@Allocator@ArrayBuffer@v8@@SAPEAV123@XZ
v8_libplatform
?PumpMessageLoop@platform@v8@@YA_NPEAVPlatform@2@PEAVIsolate@2@W4MessageLoopBehavior@12@@Z
secur32
FreeContextBuffer
icuuc67
??4UnicodeString@icu_67@@QEAAAEAV01@$$QEAV01@@Z
tbb
?internal_push_if_not_full@concurrent_queue_base_v3@internal@tbb@@IEAA_NPEBX@Z
user32
GetSystemMetrics
advapi32
InitializeSecurityDescriptor
iphlpapi
GetAdaptersAddresses
userenv
GetUserProfileDirectoryW
ws2_32
WSASetLastError
libssl-3-x64
SSL_set_security_level
libcrypto-3-x64
EVP_sha512
bcrypt
BCryptGenRandom
shell32
SHGetSpecialFolderPathA
ole32
CoCreateInstance
oleaut32
VariantInit
msvcp140
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
vcruntime140
_purecall
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
api-ms-win-crt-filesystem-l1-1-0
_wrmdir
api-ms-win-crt-time-l1-1-0
_mktime64
api-ms-win-crt-string-l1-1-0
_wcsnicmp
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-math-l1-1-0
round
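Sections (the first five show no raw size and three share the non-standard name .Pwn3rzs, a layout consistent with a packed or protected binary)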
.text Size: - Virtual size: 11.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 625KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.Pwn3rzs Size: - Virtual size: 11.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.Pwn3rzs Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Pwn3rzs Size: 18.5MB - Virtual size: 18.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ