WM[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WM.zip
Size

381KB
MD5

f47aa946659026f8c22ba52b7a636e01
SHA1

45798567f516b5520965b86898e637d7d9144de0
SHA256

a643bb0bd23f775348852ecf9c1b1822bf41a13b4189384a3b4a0fa5be4859ed
SHA512

b60a21f6b00693443a4f080f014b0f7f772cedd8be1bafe0f2555fcb1a97c735314dcb882a3c61211a81391b1b2f5d7990f14cf53e1e7cf0df9a6adc47ee5d5b
SSDEEP

6144:RXAFNtny1M0BpdTtig/Nutnyx4ApXVIjERk5buFAQfJKA:RXAnNyb7dqNyJJV5cq1JX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WM/Wingsminer.exe

Files

WM.zip
.zip
WM/Wingsminer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\dayve\source\repos\WingsminerLogin\WingsminerLogin\obj\Debug\WingsminerLogin.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WM/assets/imagelogger.py
.py .js
WM/assets/requirements.txt