WfHC[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WfHC.dll
Size

63KB
MD5

b1e5bf138c7e512f28c8909f47ce7f4b
SHA1

1c35bc39c3fc554a5fd39855306f62da806d5075
SHA256

62ba2b5d8f10cbdb2e6a9fba90e593c836e5c4fa8787e22295cce0c9025b58d0
SHA512

44c4ea78289f342ef6d95fc7c2b869ea4dcb8d014466fb1e0c83ca06ac17762911c95b75b7d582cacc885e7156d46b13272415096bdda6e3e9490a4015a5a80d
SSDEEP

768:9KDY5rvzz4vtdB5j8Ih8JYAqlA8xEJbawO+x4opV3JhI5cmORSNdW9VzvlUq1DsL:954FXqTKA8eJWbMnhtE7QR1Ds8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WfHC.dll

Files

WfHC.dll
.dll windows:6 windows x86 arch:x86

3a7276851be505460ca01637cba6c208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wfhc.pdb

Imports

msvcrt

wcsncmp
wcsnlen
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
vswprintf_s
_vscwprintf
wcsstr
memcpy_s
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
memmove_s
memset
free
_purecall
_vsnwprintf
memcpy

kernel32

GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SizeofResource
LockResource
LoadResource
FindResourceExW
FormatMessageW
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

advapi32

IsValidSid

user32

LoadStringW
UnregisterClassA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

shlwapi

PathFindFileNameW
ord487
AssocQueryStringW

ws2_32

htons
ntohs

firewallapi

FwAlloc
FWOpenPolicyStore
FWFreeFirewallRules
FWClosePolicyStore
FWAddFirewallRule
FWDeleteFirewallRule
FWSetFirewallRule
FWGetGlobalConfig
FWQueryFirewallRules
FwFree

ntdll

EtwTraceMessage

fwpuclnt

FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterGetById0
FwpmFreeMemory0

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a7276851be505460ca01637cba6c208

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

ole32

shlwapi

ws2_32

firewallapi

ntdll

fwpuclnt

rpcrt4

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 49KB - Virtual size: 49KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB