WfHC[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

WfHC.dll
Size

64KB
MD5

964e2607de7ebc7cead952169bf749bc
SHA1

d88dd8351c5f157e891adc15178a4a0f74372b94
SHA256

d93c69603aecc418d458798e227c6ea3a09fa0180dab07b392897e556a55f4bc
SHA512

a73ede139f7722b9af62e89719355742e5227a44cc766e0973d9f3368e32a7ef1f917fa484b780f30140e6ea7bd81225525278fa511dbce7db2a6c27de233f62
SSDEEP

1536:f9dCXSa8bYtRMgOI0aVNzqIdLtE8weHAFU:fLCX1t6gT/Hb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WfHC.dll

Files

WfHC.dll
.dll windows:6 windows x86 arch:x86

93d2ee38682c02e9bb96ad054e58398e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wfhc.pdb

Imports

msvcrt

_vscwprintf
vswprintf_s
memcpy_s
wcsstr
wcsnlen
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
_XcptFilter
_initterm
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??0exception@@QAE@ABQBD@Z
malloc
memmove_s
free
_CxxThrowException
__CxxFrameHandler3
_purecall
memset
_vsnwprintf
wcsncmp
??1type_info@@UAE@XZ
memcpy

kernel32

GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FormatMessageW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InterlockedExchange
CompareStringW
lstrcmpiW
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
FindResourceW
LoadResource
LocalFree
SizeofResource
LockResource

advapi32

IsValidSid

user32

UnregisterClassA
LoadStringW

ole32

CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

shlwapi

AssocQueryStringW
ord487
PathFindFileNameW

ws2_32

htons
ntohs

firewallapi

FWSetFirewallRule
FWAddFirewallRule
FWDeleteFirewallRule
FWOpenPolicyStore
FWQueryFirewallRules
FWFreeFirewallRules
FWClosePolicyStore
FWGetGlobalConfig
FwFree
FwAlloc

ntdll

EtwTraceMessage

fwpuclnt

FwpmFreeMemory0
FwpmFilterGetById0
FwpmEngineOpen0
FwpmEngineClose0

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93d2ee38682c02e9bb96ad054e58398e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

ole32

shlwapi

ws2_32

firewallapi

ntdll

fwpuclnt

rpcrt4

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB