WsmAgent[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WsmAgent.dll
Size

25KB
MD5

3953dd2baadeeb308483377e604790e0
SHA1

89473a43eaf9c96265b1633898972831179bcab9
SHA256

14a009ceb52b77ab8f3b6ed5b4965c13cf33346cc979cee92ac161d2531cb4bb
SHA512

4255d46f8848f7cbf308465977bd710ea92c548ebc3e9a4f04aeb925ec250cb6e628282de15f40506de1a9fdc09df033949e906ef13ffdb1c2d6651e9d418ce9
SSDEEP

384:YMX/h7SrcIvtL4twZcYKMt4lg8gL86zFT7SB+L0IPNLWjhWwEgC9:YeMYwHjJ7zTPNUc9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WsmAgent.dll

Files

WsmAgent.dll
.dll regsvr32 windows:10 windows x86 arch:x86

08f146bfb8d9d6fe5997572129dede9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wsmagent.pdb

Imports

msvcrt

_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_purecall
malloc
free
swprintf_s
__CxxFrameHandler3
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
FreeLibrary

api-ms-win-security-lsalookup-l2-1-1

LookupAccountNameW

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-security-base-l1-2-0

CheckTokenMembership

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vaultcli

VaultCreateItemType
VaultGetItemType
VaultOpenVault
VaultCloseVault
VaultGetItem
VaultAddItem
VaultRemoveItem
VaultFree

wsmsvc

?IsLocalSystemSid@CSecurity@@SGHPAX@Z
?GetSid@CSecurity@@SGPAXXZ
?StringIsBlank@@YGHPBG@Z
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
?Free@WSManMemory@@SGXPAXH@Z
??0AutoImpersonateUser@@QAE@XZ
?BeginRevertToSelf@CSecurity@@SGHPAPAXK@Z
??0?$AutoDelete@U_SID@@@@QAE@PAU_SID@@@Z
??1AutoImpersonateUser@@QAE@XZ
??1?$AutoDelete@U_SID@@@@QAE@XZ
??1CWSManCriticalSection@@QAE@XZ

Exports

Exports

??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
?GetInitError@CWSManCriticalSection@@QBEKXZ
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08f146bfb8d9d6fe5997572129dede9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

vaultcli

wsmsvc

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB