Wsmselpl[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Wsmselpl.dll
Size

131KB
MD5

fac076551e31369eb9ed518534a6db86
SHA1

35572e4d5faf9bb601a75698abd3814e20835bbf
SHA256

529618ec47c45828d25050f132ead0c832a67d672c3fcff3c9050bcbadb76686
SHA512

4d136d812eb02e0ad57cad685294bf47714ad75f30d0aaa48ce06b403677c7629b27e26b45f14fc46e1dd8bfe8cf4efb1bd3244dd869949cac3355a8de7d8102
SSDEEP

3072:+m5PPfwaQetFKU7NV3iuuCxfqfstKou9OegJBHeU6hxUYU7:7NJi/Lfst0bhxM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wsmselpl.dll

Files

Wsmselpl.dll
.dll windows:6 windows x86 arch:x86

e3d3f899636b5b437c8cb29227753ca7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WsmSelPl.pdb

Imports

msvcrt

_wtoi
??0exception@@QAE@XZ
wcsstr
wcstoul
_wcsicoll
_itow
_fpclass
_ultow
_wcslwr
memset
wcschr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
wcsncmp
_wcsnicmp
swscanf_s
memcpy
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_initterm
free
malloc
_XcptFilter
_snwscanf_s
_CxxThrowException
_vsnwprintf
_wcsicmp
__CxxFrameHandler3
wcsrchr

ntdll

EtwLogTraceEvent
EtwEventEnabled
EtwEventWrite
EtwEventUnregister
EtwEventRegister
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

kernel32

OutputDebugStringA
GetVersionExW
SetEvent
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
SetLastError
GetProcessHeap
GetLastError
HeapCreate
HeapDestroy
HeapAlloc
CloseHandle
GetCurrentProcess
GetCurrentThread
GetLocaleInfoW
FormatMessageW
GetUserDefaultLangID
WaitForMultipleObjects
GetComputerNameExW
GetCurrentThreadId
GetCurrentProcessId
CreateThread
CreateEventW
GetSystemDirectoryW
Sleep
InterlockedCompareExchange
CompareFileTime
SystemTimeToFileTime
DelayLoadFailureHook
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryExW
FileTimeToSystemTime
HeapFree
GetComputerNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnumUILanguagesW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetDim
GetErrorInfo

wsmsvc

?FreeBstr@WSManMemory@@SGXPAGHABVCallSite@TestSystem@@@Z
?ReAlloc@WSManMemory@@SGPAXPAXIABVCallSite@TestSystem@@W4Mode@3@@Z
WSManEnumeratorAddEvent
WSManCloseObjectHandle
WSManEncodeObject
WSManDecodeObject
FwXmlParserCreate
FwXmlParseText
FwXmlCloseParser
FwXmlCompareElementName
?AllocBstr@WSManMemory@@SGPAGPBGHABVCallSite@TestSystem@@@Z
FwXmlGetChild
?Alloc@WSManMemory@@SGPAXIABVCallSite@TestSystem@@W4Mode@3@@Z
?Free@WSManMemory@@SGXPAXABVCallSite@TestSystem@@@Z
FwXmlGetSimpleContent
FwXmlIsSimpleContent
FwXmlIsEmpty
FwXmlNumChildren

Exports

Exports

WSManPluginShutdown
WSManPluginStartup
WSManProvPullEvents
WSManProvSubscribe
WSManProvUnsubscribe

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3d3f899636b5b437c8cb29227753ca7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-security-sddl-l1-1-0

kernel32

ole32

oleaut32

wsmsvc

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 114KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 114KB - Virtual size: 114KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 13KB - Virtual size: 12KB