wow[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

wow.exe
Size

17.1MB
MD5

d041ad6558c17b6c21dd9d91ce0db25e
SHA1

e10db2d5de7145984530c5fe1c81ee8759ceb12c
SHA256

5176314adfd0a9c68a463243ada96cfbe8559ed9cc3d5a2d328944a5f61bf5bc
SHA512

e5282cfc15c3f84865ea0558bbe5baacf5bff3f38ab8320e6c9696e6c75fe460590078d223e1a3aba6c02c93950a4edee335c804ac1c8013cd687a917b4358ef
SSDEEP

196608:5HwrwTwDlc9HVB8MGjaY3WdZooa7OrbG3YLkUirPd8UmhIhbGniSG20e9GLVVL8:Chc9zG2SEvQYoRF8PmpQVGDZ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wow.exe

Files

wow.exe
.exe windows:6 windows x64 arch:x64

cf0aa9550f58eddec8c319e125228c94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CheckRemoteDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

BlockInput

gdi32

CreateRectRgn

advapi32

GetTokenInformation

ole32

CoCreateInstance

oleaut32

SysAllocString

shell32

ShellExecuteW

d3d9

Direct3DCreate9Ex

imm32

ImmGetContext

dwmapi

DwmEnableBlurBehindWindow

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ntdll

NtQuerySystemInformation

ws2_32

WSACleanup

urlmon

URLDownloadToFileW

vcruntime140

_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_aligned_free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

Sections

��v3^s
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

qO=O�&P
Size: - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��L
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sl��J�[
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

d��:�&�
Size: - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��`�M}
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yP��N�M
Size: - Virtual size: 38B

�_��_H��
Size: - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

�v�XF��
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��J��
Size: 17.1MB - Virtual size: 17.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/6�(U��q
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

{�6�@v��
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf0aa9550f58eddec8c319e125228c94

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shell32

d3d9

imm32

dwmapi

msvcp140

ntdll

ws2_32

urlmon

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

���v3^s Size: - Virtual size: 1.2MB

qO=O�&P Size: - Virtual size: 321KB

������L Size: - Virtual size: 62KB

Sl���J�[ Size: - Virtual size: 27KB

d���:�&� Size: - Virtual size: 40B

���`�M} Size: - Virtual size: 4KB

yP���N�M Size: - Virtual size: 38B

�_��_H�� Size: - Virtual size: 10.9MB

�v�XF�� Size: 9KB - Virtual size: 9KB

����J��� Size: 17.1MB - Virtual size: 17.1MB

/6�(U��q Size: 512B - Virtual size: 292B

{�6�@v�� Size: 512B - Virtual size: 422B

��v3^s
Size: - Virtual size: 1.2MB

qO=O�&P
Size: - Virtual size: 321KB

��L
Size: - Virtual size: 62KB

Sl��J�[
Size: - Virtual size: 27KB

d��:�&�
Size: - Virtual size: 40B

��`�M}
Size: - Virtual size: 4KB

yP��N�M
Size: - Virtual size: 38B

�_��_H��
Size: - Virtual size: 10.9MB

�v�XF��
Size: 9KB - Virtual size: 9KB

��J��
Size: 17.1MB - Virtual size: 17.1MB

/6�(U��q
Size: 512B - Virtual size: 292B

{�6�@v��
Size: 512B - Virtual size: 422B