WfHC[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WfHC.dll
Size

64KB
MD5

a9f9c0a2390021b99372035b17887547
SHA1

3861838b1e34c0f44db347f57fb84e389f0e5812
SHA256

83c1f089d6d0d2ac7938bcbdc17e630620c322642a36466cd7cae0cedcb67e9b
SHA512

2b5208f1a44b9ce813470bcc3f83eea8cb350e71223cfe663f86660cb6402c7b3efa851e635e85be78dc21c64c144f7499f32705f4fc0b8071a80613bb317de0
SSDEEP

1536:n/trtZ4vurKmRQI+qD/JE5U2bFrXGJ5D4H0q:nFgvu+mRQkD/h2bF2D4H0q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WfHC.dll

Files

WfHC.dll
.dll windows:6 windows x86 arch:x86

3a7276851be505460ca01637cba6c208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wfhc.pdb

Imports

msvcrt

wcsncmp
wcsnlen
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
vswprintf_s
_vscwprintf
wcsstr
memcpy_s
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
memmove_s
memset
free
_purecall
_vsnwprintf
memcpy

kernel32

GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SizeofResource
LockResource
LoadResource
FindResourceExW
FormatMessageW
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

advapi32

IsValidSid

user32

LoadStringW
UnregisterClassA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

shlwapi

PathFindFileNameW
ord487
AssocQueryStringW

ws2_32

htons
ntohs

firewallapi

FwAlloc
FWOpenPolicyStore
FWFreeFirewallRules
FWClosePolicyStore
FWAddFirewallRule
FWDeleteFirewallRule
FWSetFirewallRule
FWGetGlobalConfig
FWQueryFirewallRules
FwFree

ntdll

EtwTraceMessage

fwpuclnt

FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterGetById0
FwpmFreeMemory0

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a7276851be505460ca01637cba6c208

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

ole32

shlwapi

ws2_32

firewallapi

ntdll

fwpuclnt

rpcrt4

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB