179334251c00cd5f0fa6738016e610253222cb2bc11ab9c4d7f1b8c5be4d1adb

Sharing

Copy URL Twitter E-mail

General

Target

179334251c00cd5f0fa6738016e610253222cb2bc11ab9c4d7f1b8c5be4d1adb
Size

42KB
MD5

65a7e50b2cceb9a0c37ea28812bce25c
SHA1

66a90e2ab697a92cc546370202fbee63523754e3
SHA256

179334251c00cd5f0fa6738016e610253222cb2bc11ab9c4d7f1b8c5be4d1adb
SHA512

eff25fbfdd05387164c7eea2adae141adbb2c568cc04bba21ae8c0bcec7e58ce0e0de2184b0d2423dbd22e9f2d7a6308f448f8f32a41c6caabda46d2ba0af18e
SSDEEP

768:XvFxPTA3d6ij+hCvsfmmCVptdloKki+4LIeWXxh34TGs+OxTVl/:/FxPAdj+hCvsft4ptdgPI6v4T9+O9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179334251c00cd5f0fa6738016e610253222cb2bc11ab9c4d7f1b8c5be4d1adb

Files

179334251c00cd5f0fa6738016e610253222cb2bc11ab9c4d7f1b8c5be4d1adb
.exe windows:5 windows x86 arch:x86

7ef211758d19d83b78f76c72de1648fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\ci.wwlight.build\symbol\Release\WWCmd.pdb

Imports

kernel32

GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
SetCurrentDirectoryW
GetCommandLineW
SetEvent
GetCurrentThreadId
Sleep
GetProcAddress
WaitForSingleObject
CreateEventW
CreateThread
LockResource
FindResourceExW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
OutputDebugStringW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
CloseHandle
HeapFree
WaitForSingleObjectEx
ResetEvent
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
InitializeSListHead

user32

PostThreadMessageW
CharNextW
TranslateMessage
CharUpperW
GetMessageW
DispatchMessageW

advapi32

RegFlushKey
RegSetValueW
RegCreateKeyW
RegOpenKeyW
RegOpenCurrentUser
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoReleaseServerProcess
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoCreateInstance
CoAddRefServerProcess

oleaut32

SysAllocString
SysFreeString
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysStringLen

shlwapi

SHDeleteKeyW

vcruntime140

memcpy
wcsstr
wcsrchr
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc
_recalloc

api-ms-win-crt-runtime-l1-1-0

_errno
_controlfp_s
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-string-l1-1-0

_wcslwr_s
wcscmp
wmemcpy_s
wcscpy_s
wcscat_s
wcsncpy_s
wcslen

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
__stdio_common_vswprintf_s
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ef211758d19d83b78f76c72de1648fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB