Wsmselpl[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Wsmselpl.dll
Size

119KB
MD5

e4ea11ee03713247fd81412397352009
SHA1

f43066ce87ce67b029ca278ae32962eeb8a59064
SHA256

f33359f196643fcd83194dae95e5b74b16e7b01ac61656da5a2408f391c5e10d
SHA512

a3cb327a5415b1025afea8f8979bc13d1dd01e389dd08fc6c7eb7b01f4da8cb9fcb2276eb634ce6daf2bcb3073046c089d5839c43d72b036daa392600047b2aa
SSDEEP

3072:V26LNRAFfDn2tsPXB9FCPFMdj2vL2wkO69/ZHwSj:qPXBkrtP6hZHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wsmselpl.dll

Files

Wsmselpl.dll
.dll windows:6 windows x86 arch:x86

35a5f67dc35d46d243b2420ea6d454b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WsmSelPl.pdb

Imports

msvcrt

malloc
free
swscanf_s
_wcsicoll
wcsrchr
_wcslwr
_ultow
_initterm
_wtoi
_itow
towlower
wcsstr
_fpclass
wcsncmp
wcscpy_s
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
_ftol2
wcschr
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_snwscanf_s
_vsnwprintf
memcpy_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_wcsicmp
memmove_s
memcpy

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
CompareFileTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
OutputDebugStringA
GetSystemDirectoryW
GetComputerNameW
FileTimeToSystemTime
SystemTimeToFileTime
CreateThread
LocalFree
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
SetEvent
DisableThreadLibraryCalls
HeapAlloc
LoadLibraryExW
GetCurrentProcess
HeapFree
GetCurrentThread
GetProcessHeap
GetUserDefaultLangID
WaitForMultipleObjects
GetLocaleInfoW
Sleep
FormatMessageW
HeapDestroy
HeapCreate
GetLastError
GetComputerNameExW
CreateEventW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoFreeUnusedLibrariesEx

oleaut32

GetErrorInfo
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy

wsmsvc

?Append@TSTRBUFFER@@QAEJPBGII@Z
?Resize@RBUFFER@@QAEHI@Z
?AppendChar@TSTRBUFFER@@QAEJG@Z
?GetCharInUse@TSTRBUFFER@@QBEIXZ
?Free@WSManMemory@@SGXPAXH@Z
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
?WSManError@@YGXPBGK0KPAVIRequestContext@@@Z
?RecordOutOfMemory@CErrorContext@@UAEXXZ
??1CErrorContext@@UAE@XZ
??0CErrorContext@@QAE@_N@Z
??1CWSManCriticalSection@@QAE@XZ
??1?$AutoRelease@UIWbemServices@@@@QAE@XZ
??1?$AutoDeleteVector@G@@QAE@XZ
?GetErrorCode@CErrorContext@@UBEKXZ
WSManCloseObjectHandle
WSManEnumeratorAddEvent
FwXmlIsSimpleContent
FwXmlCloseParser
?AppendEscapeXmlContent@TSTRBUFFER@@QAEJPBG_N@Z
FwXmlGetChild
WSManEncodeObject
WSManDecodeObject
FwXmlParseText
FwXmlIsEmpty
FwXmlCompareElementName
FwXmlNumChildren
?WrapperCoSetProxyBlanket@@YGJPAUIUnknown@@KKPAGKKPAXKW4BehaviourForNoInterfaceError@@@Z
FwXmlParserCreate
FwXmlGetSimpleContent
??1TSTRBUFFER@@QAE@XZ
?Append@TSTRBUFFER@@QAEJPBG@Z
??0TSTRBUFFER@@QAE@XZ
??1AutoLibrary@@QAE@XZ
??0AutoLibrary@@QAE@PAUHINSTANCE__@@@Z
?Acquire@CWSManCriticalSection@@QAEXXZ
?Release@CWSManCriticalSection@@QAEXXZ
??0CWSManCriticalSection@@QAE@XZ
?IsValid@CWSManCriticalSection@@QBEHXZ
??0AutoHandle@@QAE@PAX@Z
?GetToken@CSecurity@@SGPAXXZ
??0AutoLocalFree@@QAE@XZ
?ExtractSidFromToken@CSecurity@@SGHPAVIRequestContext@@PAXAAVAutoLocalFree@@@Z
??0AutoBstr@@QAE@PAG@Z
??4AutoBstr@@QAEAAV0@PAG@Z
?AllocBstr@WSManMemory@@SGPAGPBGHH@Z
??0?$AutoRelease@UIClientSecurity@@@@QAE@XZ
??0?$AutoRelease@UIWbemLocator@@@@QAE@XZ
??4?$AutoRelease@UIWbemServices@@@@QAEAAV0@PAUIWbemServices@@@Z
??0?$AutoRelease@UIWbemServices@@@@QAE@PAUIWbemServices@@@Z
??0?$AutoRelease@UIWbemServices@@@@QAE@XZ
??4?$AutoDeleteVector@G@@QAEAAV0@PAG@Z
??0?$AutoDeleteVector@G@@QAE@XZ
??1?$AutoRelease@UIClientSecurity@@@@QAE@XZ
??1?$AutoRelease@UIWbemLocator@@@@QAE@XZ
??1AutoBstr@@QAE@XZ
??1AutoLocalFree@@QAE@XZ
??1AutoHandle@@QAE@XZ
??0AutoBstrNoAlloc@@QAE@XZ
?StringCchEqualsCI@@YGHPBG0@Z
?StringCchEquals@@YGHPBG0@Z
??0BufferFormatter@@QAE@XZ
??1BufferFormatter@@UAE@XZ
?GrowBuffer@BufferFormatter@@UAEKXZ
?StringCchStartsWithCI@@YGHPBG0@Z
??0AutoBstr@@QAE@XZ
?Reset@TSTRBUFFER@@QAEXXZ
?RecordMIFailure@IRequestContext@@QAEXW4_MI_Result@@K@Z
?AppendXmlStartElem@TSTRBUFFER@@QAEJPBGHKPAU_XML_ATTRIB@@@Z
?AppendXmlStartElemWithPrefix@TSTRBUFFER@@QAEJPBG0HKPAU_XML_ATTRIB@@@Z
?AppendXmlEndElem@TSTRBUFFER@@QAEJPBG@Z
?AppendXmlEndElemWithPrefix@TSTRBUFFER@@QAEJPBG0@Z
?AppendXmlStartElemWithNamespaces@TSTRBUFFER@@QAEJPBGKPAU_XML_NAMESPACE_PREFIX@@HKPAU_XML_ATTRIB@@@Z
?AppendXmlStartElemWithNamespacesAndPrefixes@TSTRBUFFER@@QAEJPBG0KPAU_XML_NAMESPACE_PREFIX@@HKPAU_XML_ATTRIB@@@Z
??0?$AutoDeleteVector@E@@QAE@XZ
??1?$AutoDeleteVector@E@@QAE@XZ
?RestoreAllPrivileges@@YGHPAU_TOKEN_PRIVILEGES@@@Z
??0CRequestContext@@QAE@XZ
??1CRequestContext@@UAE@XZ
??0?$AutoRelease@UIErrorInfo@@@@QAE@XZ
??0?$AutoRelease@UIWbemPathKeyList@@@@QAE@PAUIWbemPathKeyList@@@Z
??0?$AutoRelease@UIWbemPath@@@@QAE@PAUIWbemPath@@@Z
??0?$AutoRelease@UIWbemQualifierSet@@@@QAE@XZ
??4?$AutoDelete@VTSTRBUFFER@@@@QAEAAV0@PAVTSTRBUFFER@@@Z
??0?$AutoDelete@VTSTRBUFFER@@@@QAE@PAVTSTRBUFFER@@@Z
??0?$AutoRelease@UIWbemContext@@@@QAE@XZ
??0?$AutoRelease@UIWbemClassObject@@@@QAE@XZ
??4?$AutoDeleteVector@E@@QAEAAV0@PAE@Z
??1?$AutoRelease@UIErrorInfo@@@@QAE@XZ
??1?$AutoRelease@UIWbemContext@@@@QAE@XZ
??1?$AutoRelease@UIWbemPathKeyList@@@@QAE@XZ
??1?$AutoRelease@UIWbemPath@@@@QAE@XZ
??1?$AutoRelease@UIWbemQualifierSet@@@@QAE@XZ
??1AutoBstrNoAlloc@@QAE@XZ
??1?$AutoDelete@VTSTRBUFFER@@@@QAE@XZ
??1?$AutoRelease@UIWbemClassObject@@@@QAE@XZ

miutils

RtlReleaseCachedFastLockExclusive
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RtlQueueAcquireCachedFastLockShared
RtlDeleteCachedFastLock
MI_Hash
RtlInitializeCachedFastLock

Exports

Exports

??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QAE@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UBEXXZ
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEXXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEAAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IBEAAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QBEKXZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QBEAAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QBEABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?IsValid@?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QBE_NXZ
?Release@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UBEXXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QAEXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IAEXXZ
WSManPluginShutdown
WSManPluginStartup
WSManProvPullEvents
WSManProvSubscribe
WSManProvUnsubscribe

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35a5f67dc35d46d243b2420ea6d454b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-security-sddl-l1-1-0

kernel32

ole32

oleaut32

wsmsvc

miutils

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 99KB - Virtual size: 99KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 9KB - Virtual size: 9KB