w3wp[.]exe | Triage

Resubmissions

30/04/2024, 08:50

240430-krtqcsgh7t 3

29/04/2024, 06:37

240429-hdmc1sda7z 3

Sharing

Copy URL Twitter E-mail

General

Target

w3wp.exe
Size

23KB
MD5

3c49492762be5985185665a7202c4dda
SHA1

706169c6c12c24470f6f724e90314e5f3417b9ea
SHA256

3fb9f0b5e922208c56707fe98133265c1676a9937adcb7dbeabc3eb67a05c22b
SHA512

616437a600bb57ce16b1bab0af2cc003b288db6bd8a80e6e4ec979bcd0a3c682e1f773c986d54fe36f8e15441da58ef9719cba09f2998aa76c723c2967221cac
SSDEEP

384:U+NQJPvshyN8jfV3rC3F258eH3VwufI8p+8s09Ux0X6gwRtWSu8fyDE:U+SJPveVcFLe3+CZ+nVx0XpwRxfW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
w3wp.exe

Files

w3wp.exe
.exe windows:10 windows x86 arch:x86

4b04a253ebf7228789290d55bf076d17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w3wp.pdb

Imports

msvcrt

__p__commode
__wgetmainargs
_XcptFilter
__set_app_type
_wcsicmp
wcstoul
swprintf_s
_wsetlocale
printf
_ultow
towupper
_getwch
wprintf
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_amsg_exit
_vsnwprintf
memset

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentProcessId
TerminateProcess
SetThreadToken
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
SetConsoleCtrlHandler

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-perfcounters-l1-1-0

PerfStartProvider
PerfStopProvider
PerfSetCounterSetInfo

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask

ntdll

NtQuerySystemTime
RtlSystemTimeToLocalTime
RtlTimeToTimeFields

iisutil

InitializeSdFromProcessToken
?Append@STRU@@QAEJPBG@Z
??0STRU@@QAE@XZ
PuDbgPrintError
PuLoadDebugFlagsFromRegStr
?Copy@STRU@@QAEJPBGK@Z
?Copy@STRU@@QAEJPBG@Z
MakePathCanonicalizationProof
??1STRU@@QAE@XZ
?Resize@STRU@@QAEJK@Z
PuDbgPrint
??0STRU@@QAE@PAGK@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4b04a253ebf7228789290d55bf076d17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-perfcounters-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

ntdll

iisutil

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB