WsmAgent[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WsmAgent.dll
Size

22KB
MD5

8ce07c343259bdb5c20e758fd0c7e5c3
SHA1

30aac8e1e6b8cdbabe700a4ff2f0b48afdbb1281
SHA256

6c517c953ffb309da51b242412dd2328391644f131c0177f2944168477dfefc2
SHA512

2f26cae65c81b7bf9198e431c51e1a31844ef2ee5ce30b4e90c06b1a665482032a35f4815eeb12993372d4df6fa3ba33882d1f5724761498b653bcbc219cd404
SSDEEP

384:79tYoRh7SrcIvtLxClRk87qd6AtB6zge5WEa0z0tEWshW0EP/:BtxRM/ClN5Ot64/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WsmAgent.dll

Files

WsmAgent.dll
.dll regsvr32 windows:10 windows x86 arch:x86

658d1053ebbc26d53842b2596256f8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wsmagent.pdb

Imports

msvcrt

free
malloc
_purecall
swprintf_s
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
__CxxFrameHandler3
memcpy
memset

advapi32

CredFree
CredDeleteW
CredWriteW
CredReadW
CheckTokenMembership
OpenThreadToken
LookupAccountNameW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

kernel32

GetCurrentProcess
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LoadLibraryExW
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentThread
SetUnhandledExceptionFilter
CloseHandle
UnhandledExceptionFilter
Sleep

wsmsvc

??1CWSManCriticalSection@@QAE@XZ
?GetSid@CSecurity@@SGPAXXZ
?IsLocalSystemSid@CSecurity@@SGHPAX@Z
??0AutoImpersonateUser@@QAE@XZ
?BeginRevertToSelf@CSecurity@@SGHPAPAXK@Z
??0?$AutoDelete@U_SID@@@@QAE@PAU_SID@@@Z
??1AutoImpersonateUser@@QAE@XZ
??1?$AutoDelete@U_SID@@@@QAE@XZ
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
?StringIsBlank@@YGHPBG@Z
?Free@WSManMemory@@SGXPAXH@Z

Exports

Exports

??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
?GetInitError@CWSManCriticalSection@@QBEKXZ
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

658d1053ebbc26d53842b2596256f8d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

wsmsvc

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1004B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1004B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB