D:\Desktop\WebView2_Caller\CodesLab\WebView2_Caller.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585.dll
Resource
win10v2004-20240419-en
General
-
Target
f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585
-
Size
239KB
-
MD5
b4f1f2cf9f3777b475df3a37c5ad723d
-
SHA1
704563b775cebfa33db64370a80ac5d31ba1405a
-
SHA256
f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585
-
SHA512
7ce10b2bc9548d83b49f5fe7aa3c1e275f23cbde72267623d6f7aa86ecbfb0eceddff8a1e2695b34f462d7719837c7d83b323ac44b6965e57c0ddd7647412728
-
SSDEEP
6144:ToAGSDilA4aXfW4J3SQNUzRCIcgRBEkpsfvXUAA/+MwKVbYj5ty4Jf2/KCnRp5IZ:UAGSDiP/RCIcgRBEkpsfvXUAA/+MwKVc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
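Checks for a missing Authenticode signature. An unsigned PE is not malicious in itself; it means only that the publisher and the file's integrity cannot be verified from a signature.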
resource f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585
Files
-
f1dd371d75c568ee7504b47ff4580a5d7f2cd3ed879f3cb23727768337320585.dll windows:6 windows x86 arch:x86
d4919d35dcbd28eefc0a7d4b0f048681
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Desktop\WebView2_Caller\CodesLab\WebView2_Caller.pdb
Imports
shlwapi
ord12
kernel32
LocalAlloc
LocalFree
GetFileAttributesW
CreateFileW
CloseHandle
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
lstrcpyW
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GlobalUnlock
GlobalLock
CreateThread
GlobalAlloc
GetLastError
lstrlenW
WriteConsoleW
GetModuleHandleW
GetCurrentProcessId
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
DecodePointer
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
user32
PeekMessageW
TranslateMessage
SetProcessDPIAware
DispatchMessageW
shell32
ShellExecuteExW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegGetValueW
ole32
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
urlmon
URLDownloadToFileW
Exports
wv2_Controller_Attach_AcceleratorKeyPressed
wv2_Controller_Attach_ZoomFactorChanged
wv2_Controller_Close
wv2_Controller_Detach_AcceleratorKeyPressed
wv2_Controller_Detach_ZoomFactorChanged
wv2_Controller_GetAllowExternalDrop
wv2_Controller_GetBackgroundColor
wv2_Controller_GetBounds
wv2_Controller_GetParent
wv2_Controller_GetVisible
wv2_Controller_GetWebview2
wv2_Controller_GetZoomFactor
wv2_Controller_NotifyParentChanged
wv2_Controller_SetAllowExternalDrop
wv2_Controller_SetBackgroundColor
wv2_Controller_SetBounds
wv2_Controller_SetParent
wv2_Controller_SetVisible
wv2_Controller_SetZoomFactor
wv2_CookieData_GetDomain
wv2_CookieData_GetExpires
wv2_CookieData_GetHTTPOnly
wv2_CookieData_GetName
wv2_CookieData_GetPath
wv2_CookieData_GetSameSite
wv2_CookieData_GetSecure
wv2_CookieData_GetSession
wv2_CookieData_GetValue
wv2_CookieData_SetExpires
wv2_CookieData_SetHTTPOnly
wv2_CookieData_SetSameSite
wv2_CookieData_SetSecure
wv2_CookieData_SetValue
wv2_CookieList_GetCookieAtIndex
wv2_CookieList_GetCount
wv2_CookieManager_CopyCookie
wv2_CookieManager_CreateCookie
wv2_CookieManager_DeleteAllCookies
wv2_CookieManager_DeleteCookie
wv2_CookieManager_DeleteCookieWithParam
wv2_CookieManager_DeleteCookies
wv2_CookieManager_GetCookie
wv2_CookieManager_GetCookie_Sync
wv2_CookieManager_SetCookie
wv2_Deferral_Complete
wv2_DownloadArgs_Cancel_Attr
wv2_DownloadArgs_GetDeferral
wv2_DownloadArgs_GetOperation
wv2_DownloadArgs_Handled_Attr
wv2_DownloadArgs_ResultPath_Attr
wv2_DownloadOperation_Attach_BytesReceivedChanged
wv2_DownloadOperation_Attach_EstimatedEndTimeChanged
wv2_DownloadOperation_Attach_StateChanged
wv2_DownloadOperation_Cancel
wv2_DownloadOperation_Detach_BytesReceivedChanged
wv2_DownloadOperation_Detach_EstimatedEndTimeChanged
wv2_DownloadOperation_Detach_StateChanged
wv2_DownloadOperation_GetCanResume
wv2_DownloadOperation_GetContentDisposition
wv2_DownloadOperation_GetEstimatedEndTime
wv2_DownloadOperation_GetInterruptReason
wv2_DownloadOperation_GetMimeType
wv2_DownloadOperation_GetReceivedBytes
wv2_DownloadOperation_GetResultPath
wv2_DownloadOperation_GetState
wv2_DownloadOperation_GetTotalBytes
wv2_DownloadOperation_GetURL
wv2_DownloadOperation_Pause
wv2_DownloadOperation_Resume
wv2_Env_CreateContextMenuItem
wv2_Env_CreateController
wv2_Env_CreateController_Options
wv2_Env_CreateController_Options_Sync
wv2_Env_CreateController_Sync
wv2_Env_CreateWebResourceRequest
wv2_Env_CreateWebResourceResponse
wv2_Frame_Attach_Destroyed
wv2_Frame_Attach_NameChanged
wv2_Frame_Detach_Destroyed
wv2_Frame_Detach_NameChanged
wv2_Frame_ExecuteScript
wv2_Frame_ExecuteScript_Sync
wv2_Frame_GetName
wv2_Frame_IsDestroyed
wv2_Global_CheckEdgeRuntime
wv2_Global_CreateEnv_Sync
wv2_Global_EnableHighDPISupport
wv2_MenuItemCollection_GetCount
wv2_MenuItemCollection_GetValueAt
wv2_MenuItemCollection_InsertAt
wv2_MenuItemCollection_RemoveAt
wv2_MenuItem_Attach_ItemSelected
wv2_MenuItem_Checked_Attr
wv2_MenuItem_Detach_ItemSelected
wv2_MenuItem_Enabled_Attr
wv2_MenuItem_GetChildren
wv2_MenuItem_GetCommandID
wv2_MenuItem_GetIcon
wv2_MenuItem_GetLabel
wv2_MenuItem_GetName
wv2_MenuItem_GetShortcutKeyDescription
wv2_MenuItem_GetType
wv2_Object_AddRef
wv2_Object_Release
wv2_Profile_ClearAllBrowsingData
wv2_Profile_ClearAllBrowsingData_Sync
wv2_Profile_ClearBrowsingData
wv2_Profile_ClearBrowsingDataInTimeRange
wv2_Profile_ClearBrowsingDataInTimeRange_Sync
wv2_Profile_ClearBrowsingData_Sync
wv2_Profile_GetColorTheme
wv2_Profile_GetDefaultDownloadPath
wv2_Profile_GetName
wv2_Profile_GetPath
wv2_Profile_GetPrivateInMode
wv2_Profile_SetColorTheme
wv2_Profile_SetDefaultDownloadPath
wv2_ResourceRequestArgs_GetDeferral
wv2_ResourceRequestArgs_GetRequest
wv2_ResourceRequestArgs_GetResourceContext
wv2_ResourceRequestArgs_GetResponse
wv2_ResourceRequestArgs_SetResponse
wv2_ResourceRequest_GetData
wv2_ResourceRequest_GetHeaders
wv2_ResourceRequest_GetMethod
wv2_ResourceRequest_GetURL
wv2_ResourceRequest_SetData
wv2_ResourceRequest_SetMethod
wv2_ResourceRequest_SetURL
wv2_ResourceResponseView_GetData
wv2_ResourceResponseView_GetData_Sync
wv2_ResourceResponseView_GetHeaders
wv2_ResourceResponseView_GetReasonPhrase
wv2_ResourceResponseView_GetStatusCode
wv2_ResourceResponse_GetData
wv2_ResourceResponse_GetHeaders
wv2_ResourceResponse_GetReasonPhrase
wv2_ResourceResponse_GetStatusCode
wv2_ResourceResponse_SetData
wv2_ResourceResponse_SetReasonPhrase
wv2_ResourceResponse_SetStatusCode
wv2_Utility_Malloc
wv2_Utility_Mfree
wv2_Webview_AddPreloadScript
wv2_Webview_AddPreloadScript_Sync
wv2_Webview_AddWebResourceRequestedFilter
wv2_Webview_Attach_BasicAuthenticationRequested
wv2_Webview_Attach_ContainsFullScreenElementChanged
wv2_Webview_Attach_ContextMenuRequested
wv2_Webview_Attach_DocumentTitleChanged
wv2_Webview_Attach_DownloadStarting
wv2_Webview_Attach_FaviconChanged
wv2_Webview_Attach_FrameCreated
wv2_Webview_Attach_IsDocumentPlayingAudioChanged
wv2_Webview_Attach_NavigationCompleted
wv2_Webview_Attach_NavigationStarting
wv2_Webview_Attach_NewWindowRequest
wv2_Webview_Attach_PermissionRequested
wv2_Webview_Attach_ScriptDialogOpening
wv2_Webview_Attach_SourceChanged
wv2_Webview_Attach_WebMessageReceived
wv2_Webview_Attach_WebResourceRequested
wv2_Webview_Attach_WebResourceResponseReceived
wv2_Webview_Attach_WindowCloseRequest
wv2_Webview_BasicAuthenticationRequestedArgs_GetCancel
wv2_Webview_BasicAuthenticationRequestedArgs_GetChallenge
wv2_Webview_BasicAuthenticationRequestedArgs_GetDeferral
wv2_Webview_BasicAuthenticationRequestedArgs_GetURL
wv2_Webview_BasicAuthenticationRequestedArgs_Password_Attr
wv2_Webview_BasicAuthenticationRequestedArgs_SetCancel
wv2_Webview_BasicAuthenticationRequestedArgs_UserName_Attr
wv2_Webview_CallDevtoolsProtocolsMethod
wv2_Webview_CallDevtoolsProtocolsMethod_Sync
wv2_Webview_CanGoBack
wv2_Webview_CanGoForward
wv2_Webview_CapturePreview
wv2_Webview_CapturePreview_Sync
wv2_Webview_CloseDefaultDownloadDialog
wv2_Webview_ContextMenuArgs_GetDeferral
wv2_Webview_ContextMenuArgs_GetItemCollection
wv2_Webview_ContextMenuArgs_GetPos
wv2_Webview_ContextMenuArgs_GetTargetInfo
wv2_Webview_ContextMenuArgs_Handled_Attr
wv2_Webview_ContextMenuArgs_SelectedCommandID_Attr
wv2_Webview_Detach_BasicAuthenticationRequested
wv2_Webview_Detach_ContainsFullScreenElementChanged
wv2_Webview_Detach_ContextMenuRequested
wv2_Webview_Detach_DocumentTitleChanged
wv2_Webview_Detach_DownloadStarting
wv2_Webview_Detach_FaviconChanged
wv2_Webview_Detach_FrameCreated
wv2_Webview_Detach_IsDocumentPlayingAudioChanged
wv2_Webview_Detach_NavigationCompleted
wv2_Webview_Detach_NavigationStarting
wv2_Webview_Detach_NewWindowRequest
wv2_Webview_Detach_PermissionRequested
wv2_Webview_Detach_ScriptDialogOpening
wv2_Webview_Detach_SourceChanged
wv2_Webview_Detach_WebMessageReceived
wv2_Webview_Detach_WebResourceRequested
wv2_Webview_Detach_WebResourceResponseReceived
wv2_Webview_Detach_WindowCloseRequest
wv2_Webview_ExecuteScript
wv2_Webview_ExecuteScript_Sync
wv2_Webview_GetAudioPlaying
wv2_Webview_GetBrowserProcessID
wv2_Webview_GetCookieManager
wv2_Webview_GetDefaultDownloadDialogMargin
wv2_Webview_GetDocumentTitle
wv2_Webview_GetEnvironment
wv2_Webview_GetFaviconURL
wv2_Webview_GetFullscreenMode
wv2_Webview_GetMute
wv2_Webview_GetProfile
wv2_Webview_GetSettings
wv2_Webview_GetURL
wv2_Webview_GetUserAgent
wv2_Webview_GoBack
wv2_Webview_GoForward
wv2_Webview_HTTPRequestHeader_Contains
wv2_Webview_HTTPRequestHeader_GetHeader
wv2_Webview_HTTPRequestHeader_GetHeaders
wv2_Webview_HTTPRequestHeader_GetRawData
wv2_Webview_HTTPRequestHeader_RemoveHeader
wv2_Webview_HTTPRequestHeader_SetHeader
wv2_Webview_HTTPResponseHeader_AppendHeader
wv2_Webview_HTTPResponseHeader_Contains
wv2_Webview_HTTPResponseHeader_GetHeader
wv2_Webview_HTTPResponseHeader_GetHeaders
wv2_Webview_HTTPResponseHeader_GetRawData
wv2_Webview_IsDefaultDownloadDialogOpen
wv2_Webview_Navigate
wv2_Webview_NavigateRequest
wv2_Webview_NavigateToString
wv2_Webview_NavigationStartingEventArgs_GetRequestHeader
wv2_Webview_NavigationStartingEventArgs_GetURL
wv2_Webview_NavigationStartingEventArgs_PutCancel
wv2_Webview_NewWindowRequestArgs_GetDeferral
wv2_Webview_NewWindowRequestArgs_GetFeatures
wv2_Webview_NewWindowRequestArgs_GetHandled
wv2_Webview_NewWindowRequestArgs_GetNewWindow
wv2_Webview_NewWindowRequestArgs_GetURL
wv2_Webview_NewWindowRequestArgs_SetHandled
wv2_Webview_NewWindowRequestArgs_SetNewWindow
wv2_Webview_OpenDefaultDownloadDialog
wv2_Webview_OpenDevTools
wv2_Webview_OpenTaskManager
wv2_Webview_PermissionRequestArgs_GetDeferral
wv2_Webview_PermissionRequestArgs_GetState
wv2_Webview_PermissionRequestArgs_GetType
wv2_Webview_PermissionRequestArgs_GetURL
wv2_Webview_PermissionRequestArgs_SetState
wv2_Webview_PostWebMessageAsJSON
wv2_Webview_PostWebMessageAsString
wv2_Webview_Reload
wv2_Webview_RemovePreloadScript
wv2_Webview_RemoveWebResourceRequestedFilter
wv2_Webview_ScriptDialogOpeningArgs_Accept
wv2_Webview_ScriptDialogOpeningArgs_GetDefaultText
wv2_Webview_ScriptDialogOpeningArgs_GetDeferral
wv2_Webview_ScriptDialogOpeningArgs_GetMessage
wv2_Webview_ScriptDialogOpeningArgs_GetResultText
wv2_Webview_ScriptDialogOpeningArgs_GetType
wv2_Webview_ScriptDialogOpeningArgs_GetURL
wv2_Webview_ScriptDialogOpeningArgs_SetResultText
wv2_Webview_SetDefaultDownloadDialogMargin
wv2_Webview_SetMute
wv2_Webview_SetSettings
wv2_Webview_SetUserAgent
wv2_Webview_Stop
wv2_Webview_WebMessageReceivedArgs_GetMessageAsJSON
wv2_Webview_WebMessageReceivedArgs_GetURL
wv2_Webview_WebMessageReceivedArgs_TryGetString
Sections
.text Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ