WlS0WndH[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WlS0WndH.dll
Size

9KB
MD5

9375178cb40a8080c0022ecf0da08e8b
SHA1

2c228f19268c8348e93924f4dc0a9464c2636108
SHA256

58af9c9d51e0247594811305a9005b3c9340539866b15eee22d7865fa6646f3e
SHA512

312b7b4535280fff65438d751f19879d4719c427323979ac27ec947e5a9eed178f11a73a4b3407391ae87a8e0d021939c28acbf1e0d40db79cbac556322c3bed
SSDEEP

192:8Hm8iaZtHcT8qcx6fzDYNylN7WOQUJkWQ:8XiajHGSsAN8WOQWkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WlS0WndH.dll

Files

WlS0WndH.dll
.dll windows:6 windows x86 arch:x86

275273b4f8cf46153aff2db128a43145

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wls0wndh.pdb

Imports

msvcrt

_amsg_exit
free
_except_handler4_common
_initterm
malloc
_XcptFilter

ntdll

RtlTimeToSecondsSince1980

user32

GetParent
CallNextHookEx
FindWindowW

kernel32

GetSystemTimeAsFileTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
QueueUserWorkItem
GetLastError

Exports

Exports

Session0ViewerWindowProcHook

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ