WlanMM[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WlanMM.dll
Size

731KB
MD5

4b8441782918424827f2937cfb669136
SHA1

6de4e720ea9939865a56a274cebac575a0de14f5
SHA256

7203084c05d2de7b6636247947da801445dd5d89ece2d8776dda69aade067881
SHA512

6af8668f327a21ab63cbb361585c68f3069b40eb3fe7c52044d92780524b8618bb7ea579d7c0f8286ddf2d5c5568a885357960987e1738b8edb845a65f305e9e
SSDEEP

6144:Y3fZYiT458xP4QatvtETvEcsJjL247XPydRbTCVVPXpaq56nO3TWgh:DQK8xYvGHB47/4C/vpae6nkX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WlanMM.dll

Files

WlanMM.dll
.dll regsvr32 windows:6 windows x86 arch:x86

1c0b6c13ced6dbefe3673feea21b2dd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WlanMM.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
iswxdigit
towlower
_ultow
wprintf
swscanf
memcpy
_wtoi
iswspace
iswdigit
wcsstr
vswprintf_s
memmove_s
wcscat_s
wcscpy_s
_resetstkoflw
calloc
memset
_purecall
__CxxFrameHandler3
wcsncpy_s
_CxxThrowException
memcpy_s
free
malloc

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

wlanhlp

WlanPrivateGetAvailableNetworkList
WlanInternalScan
WlanGenerateProfileXmlBasicSettings
WlanParseProfileXmlBasicSettings
WlanConnectWithInput

ntdll

EtwTraceMessage
EtwGetTraceEnableFlags
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel

rpcrt4

UuidToStringW
RpcStringFreeW

nlaapi

NlaDeleteDataSet
NlaAddToTypeSet
NlaDeleteTypeSet
NlaQueryNetDataEx
NlaCloseQuery
NlaOpenQuery
NlaCreateTypeSet

wlanutil

WlanStringToSsid
WlanSsidToDisplayName

kernel32

CreateEventW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
CloseHandle
InterlockedExchange
InterlockedCompareExchange
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
SetThreadLocale
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
lstrcmpW
GetThreadLocale
QueueUserWorkItem
ResetEvent
lstrlenA
DebugBreak
OutputDebugStringW
ExpandEnvironmentStringsW
Sleep
CreateThread
WaitForMultipleObjects
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DelayLoadFailureHook
LoadLibraryExA
WideCharToMultiByte
InitializeCriticalSection
GetVersionExA
GetCurrentProcess
SetLastError
LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
StartDiagnosticsW

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c0b6c13ced6dbefe3673feea21b2dd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

wlanhlp

ntdll

rpcrt4

nlaapi

wlanutil

kernel32

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 185KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 527KB - Virtual size: 527KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 186KB - Virtual size: 185KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 527KB - Virtual size: 527KB

.reloc
Size: 15KB - Virtual size: 14KB