C:\Develop\projects\WinAudit\VS2022\Win32\Release\WinAudit.pdb
Static task: static1
Behavioral task: behavioral1
Sample: WinAudit.exe
Resource: win10-20240404-es
General
Target: WinAudit.exe
Size: 1.9MB
MD5: 790a0c22656cf4752ecca36919d7a429
SHA1: 6de071765bf0b27e7e754da432ba2a446cdf3152
SHA256: 835b7ff01636762ee4cb081d5995e64a23e1da32daa5e9585b87588f6c4a672a
SHA512: ca6286a85f61c946cbf2095afd2324b7abcdcd192d04149f0ea5466d75c43b5d3dc8a5733a47916185bb251f7a2122d859d4be8f9630e5e4cca32097a352d1ea
SSDEEP: 49152:tZ8j9p+6a8/7HL2lRH+W3jGdzdEWyFXA:38j9E6a8/rL2lR7jC
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource WinAudit.exe
Files
WinAudit.exe.exe windows:6 windows x86 arch:x86
1406f7942d72949f27b886f13956417b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDescriptionW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
netapi32
NetGroupGetInfo
NetUserGetGroups
NetLocalGroupGetMembers
NetUserModalsGet
NetShareGetInfo
NetShareEnum
NetFileEnum
NetSessionEnum
NetLocalGroupGetInfo
NetQueryDisplayInformation
NetLocalGroupEnum
NetGroupGetUsers
NetServerGetInfo
DsGetSiteNameW
NetApiBufferFree
NetWkstaGetInfo
NetUserGetInfo
NetUserGetLocalGroups
secur32
LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
iphlpapi
GetTcpTable
GetExtendedTcpTable
GetUdpTable
GetIpForwardTable
GetAdaptersAddresses
GetIpAddrTable
GetExtendedUdpTable
msi
ord181
ord70
ord244
ord45
ord113
kernel32
MultiByteToWideChar
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeFormatW
FreeLibrary
WideCharToMultiByte
GetDateFormatW
LoadLibraryExW
SizeofResource
ExpandEnvironmentStringsW
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
ExitProcess
GetCurrentThreadId
VirtualQuery
GetEnvironmentVariableW
GetSystemDirectoryW
GetComputerNameExW
lstrcmpW
GetComputerNameW
IsWow64Process
GetACP
GetSystemInfo
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetTempPathW
FindClose
SetLastError
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateEventW
GetExitCodeThread
CreateThread
MulDiv
GetCurrentDirectoryW
GetUserDefaultLangID
LoadLibraryW
WriteFile
IsValidCodePage
FindFirstFileExW
GetProcessHeap
LCMapStringW
GetFileType
HeapAlloc
HeapFree
GetFileTime
GetStdHandle
HeapValidate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
GetFileSizeEx
ReadFile
GetModuleHandleW
GetProcAddress
GetSystemDefaultLangID
Module32FirstW
Process32FirstW
K32GetProcessMemoryInfo
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
CompareStringW
GetTickCount64
LocalFree
SetUnhandledExceptionFilter
GetCommandLineW
GetDriveTypeW
GetDiskFreeSpaceExW
SetErrorMode
GetDiskFreeSpaceW
GetLogicalDrives
GetVolumeInformationW
CreateFileW
DeviceIoControl
lstrcmpiW
QueryPerformanceCounter
IsProcessorFeaturePresent
GetPriorityClass
GetNativeSystemInfo
GetEnvironmentStringsW
GetSystemTime
GlobalMemoryStatusEx
GetLocalTime
GetLastError
GetTimeZoneInformation
FreeEnvironmentStringsW
GetLocaleInfoW
GetOEMCP
GetCPInfo
GetCommandLineA
SetStdHandle
GetStringTypeW
FlushFileBuffers
SetFilePointerEx
CloseHandle
DeleteFileW
GetFileAttributesW
GetCurrentProcess
GetModuleHandleExW
SetFilePointer
HeapSize
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
GetThreadPriority
QueryPerformanceFrequency
GetCurrentThread
Sleep
GetProcessAffinityMask
SetThreadPriority
SetPriorityClass
SetThreadAffinityMask
SetEvent
SetCurrentDirectoryW
WaitForMultipleObjects
DecodePointer
GetWindowsDirectoryW
WriteConsoleW
user32
CreateMenu
CreatePopupMenu
SetMenuItemInfoW
InsertMenuW
RemoveMenu
AppendMenuW
GetKeyState
EqualRect
GetScrollInfo
CopyRect
GetForegroundWindow
DestroyMenu
DestroyAcceleratorTable
DrawMenuBar
GetMenuState
CheckMenuItem
EnableMenuItem
GetMessageW
GetLastActivePopup
GetMenuBarInfo
IsChild
TranslateAcceleratorW
GetMenuItemRect
SetForegroundWindow
IsIconic
SetLayeredWindowAttributes
SetRect
LoadIconW
SetCapture
ReleaseCapture
GetCapture
DialogBoxIndirectParamW
GetDialogBaseUnits
SetMenu
SetParent
SetScrollInfo
CreateAcceleratorTableW
DispatchMessageW
PostMessageW
InvalidateRect
RedrawWindow
EndDialog
MessageBoxW
ReleaseDC
EnumDisplaySettingsW
EnumDisplayDevicesW
GetDC
GetDesktopWindow
CopyImage
CopyIcon
DrawIcon
DestroyIcon
GetWindowLongW
GetWindowTextLengthW
GetMenuItemInfoW
DefWindowProcW
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
GetMenuItemCount
CreateWindowExW
ScreenToClient
SetWindowTextW
RegisterClassExW
BringWindowToTop
SetTimer
ClientToScreen
PeekMessageW
IsWindowEnabled
LoadBitmapW
TranslateMessage
GetClassNameW
GetWindowDC
SetWindowLongW
GetClientRect
KillTimer
GetSysColorBrush
GetClassInfoExW
PtInRect
UpdateWindow
BeginPaint
EndPaint
GetKeyboardType
GetSystemMetrics
OffsetRect
GetCursorPos
SystemParametersInfoW
EnableWindow
GetWindowTextW
CharUpperW
SetFocus
MoveWindow
GetSysColor
ShowWindow
IsWindowVisible
FillRect
MessageBeep
LoadCursorW
SetCursor
DrawTextW
PostQuitMessage
GetParent
GetFocus
SendMessageW
TrackPopupMenu
gdi32
TextOutW
Polygon
ExcludeClipRect
Arc
BeginPath
GetDeviceCaps
DeleteObject
GetObjectW
DeleteDC
SetPixelV
GetPixel
GetTextMetricsW
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
GetCurrentObject
CreateFontIndirectW
CreateSolidBrush
RestoreDC
SetBkColor
MoveToEx
CreatePen
LineTo
SetBkMode
SetTextColor
GetTextExtentPoint32W
SaveDC
SetDCPenColor
SetMapMode
SelectClipRgn
Rectangle
EndPath
CreateRectRgn
PathToRegion
winspool.drv
GetPrinterDriverW
EnumPrintersW
EnumPortsW
ClosePrinter
OpenPrinterW
comdlg32
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
advapi32
LsaFreeMemory
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaOpenPolicy
LsaClose
LookupAccountNameW
CloseEventLog
RevertToSelf
ReadEventLogW
OpenEventLogW
ConvertSidToStringSidW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
EnumServicesStatusW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
CryptCreateHash
CryptAcquireContextW
GetSidIdentifierAuthority
RegQueryValueExW
FreeSid
IsValidSid
InitializeSid
GetSidSubAuthority
AllocateAndInitializeSid
GetSidSubAuthorityCount
EqualSid
RegEnumKeyExW
IsTextUnicode
ImpersonateAnonymousToken
LsaEnumerateAccountsWithUserRight
RegOpenKeyExW
LookupPrivilegeDisplayNameW
LsaQueryInformationPolicy
GetUserNameW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeNameW
ImpersonateSelf
OpenProcessToken
OpenThreadToken
GetTokenInformation
GetSecurityDescriptorDacl
GetAce
GetNamedSecurityInfoW
GetSecurityDescriptorOwner
LookupAccountSidW
RegCloseKey
shell32
ExtractIconW
ShellExecuteW
FindExecutableW
SHGetFolderPathW
ole32
CLSIDFromProgID
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CLSIDFromString
oleaut32
VariantClear
SafeArrayDestroy
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantTimeToSystemTime
VariantInit
GetErrorInfo
odbc32
ord75
ord108
ord30
ord18
ord4
ord111
ord16
ord9
ord138
ord141
ord157
ord78
ord13
ord139
ord147
ord145
ord24
ord29
ord173
ord20
ord127
ord176
ord31
ord171
ord132
ord136
dbghelp
SymFromAddr
StackWalk64
SymInitialize
SymFunctionTableAccess64
SymGetModuleBase64
SymCleanup
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
msimg32
GradientFill
TransparentBlt
Sections
.text Size: 924KB - Virtual size: 923KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 462KB - Virtual size: 461KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 507KB - Virtual size: 506KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ