WinAnalyzer[.]exe

Resubmissions

28/06/2024, 17:27

240628-v1gghazhmm 3

28/06/2024, 17:25

240628-vzss5szhlp 3

Sharing

Copy URL Twitter E-mail

General

Target

WinAnalyzer.exe
Size

10.1MB
MD5

d6b13688f83fbe76d839a9f63c14d3c0
SHA1

c148bf1ea76bb2ca6c62fb1800c2a36203b7ad6b
SHA256

1de286aac4f3b912818001ae8398761ea6e31bfd6e433d17a24e8cee310f4f83
SHA512

db2589ee3efbcb805df1ddd5114caa0a71cc83629d31bd8741d070022d28397e53dbdbb67734ffe276e38b3f12546eb6e381af2b6619aa32369661792fae4f8c
SSDEEP

98304:ppTq8rqyR4w0gV94lwfUDYzrXfPOt9Bc3XWVg:S8ragbONDY/fE9OX2g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WinAnalyzer.exe

Files

WinAnalyzer.exe
.exe windows:6 windows x64 arch:x64

6e44813fe36282f26f5d42eeaa8f7926

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WinAnalyzer.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

ntdll

RtlUnwindEx
RtlPcToFileHeader
NtReadFile
NtQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
RtlVirtualUnwind
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
NtWriteFile

kernel32

VirtualQueryEx
LocalFree
CreateEventW
WaitForSingleObject
CreateMutexA
WaitForSingleObjectEx
FormatMessageW
GetFullPathNameW
lstrlenW
CreateThread
GetUserDefaultLocaleName
GetProcessIoCounters
LoadLibraryA
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GlobalLock
GlobalSize
GlobalUnlock
CreateProcessW
GetWindowsDirectoryW
GlobalAlloc
GetSystemDirectoryW
GetModuleHandleA
FreeLibrary
GetCurrentThread
GetSystemTimes
WaitForMultipleObjects
OpenProcess
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
ReadFileEx
LoadLibraryExA
CreateNamedPipeW
ExitProcess
CancelIo
CopyFileExW
GetUserDefaultUILanguage
LCIDToLocaleName
GetFinalPathNameByHandleW
LoadLibraryW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
ReadProcessMemory
CreateFileW
GetNativeSystemInfo
GetProcAddress
QueryPerformanceFrequency
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetDriveTypeW
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetConsoleMode
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation
DuplicateHandle
GetCurrentProcess
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
LoadLibraryExW
GetSystemInfo
GetCurrentProcessId
GetEnvironmentVariableW
GetExitCodeProcess
Sleep
CreatePipe
TlsFree
GetProcessTimes
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
GetVolumeInformationW
GetSystemTimePreciseAsFileTime
DeviceIoControl
GetModuleHandleW
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
IsProcessorFeaturePresent
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
GetTempPathW

comctl32

DefSubclassProc
SetWindowSubclass
TaskDialogIndirect
RemoveWindowSubclass

user32

GetRawInputData
MonitorFromPoint
EnumDisplayMonitors
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
EnumChildWindows
GetMessageA
GetWindowTextLengthW
RegisterClipboardFormatW
RedrawWindow
DispatchMessageA
CloseClipboard
GetDC
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetWindowTextW
GetAsyncKeyState
SetWindowDisplayAffinity
GetKeyState
MapVirtualKeyExW
VkKeyScanW
DestroyIcon
ValidateRect
PostThreadMessageW
GetWindowLongPtrW
SetWindowTextW
GetMenu
AdjustWindowRectEx
ShowCursor
GetClipCursor
ClipCursor
IsWindowVisible
SystemParametersInfoA
PeekMessageW
IsProcessDPIAware
SetForegroundWindow
CreateIcon
SendMessageW
SendInput
GetUpdateRect
ToUnicodeEx
GetWindowLongW
GetClientRect
ClientToScreen
CreateAcceleratorTableW
ShowWindow
GetSystemMenu
EnableMenuItem
GetWindowRect
SetWindowLongW
LoadCursorW
RegisterHotKey
UnregisterHotKey
SetMenuItemInfoW
CheckMenuItem
CreateMenu
AppendMenuW
SetCursor
PostQuitMessage
GetKeyboardLayout
MonitorFromRect
PostMessageW
TrackMouseEvent
DestroyWindow
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
DestroyAcceleratorTable
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetForegroundWindow
SetCursorPos
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ReleaseCapture
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
IsIconic
GetActiveWindow
SetMenu
DispatchMessageW
TranslateMessage
SetWindowPos
GetKeyboardState

ole32

CreateStreamOnHGlobal
CoSetProxyBlanket
RevokeDragDrop
CoUninitialize
OleInitialize
RegisterDragDrop
CoInitializeEx
CoIncrementMTAUsage
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

shell32

ShellExecuteW
CommandLineToArgvW
SHAppBarMessage
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragQueryFileW
DragFinish

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryA

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

advapi32

RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036
OpenProcessToken
GetTokenInformation
EventUnregister
ImpersonateAnonymousToken
EventWriteTransfer
RevertToSelf
EventRegister
LookupAccountSidW
EventSetInformation

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo
VariantClear

iphlpapi

GetIfTable2
FreeMibTable
GetIfEntry2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

secur32

EncryptMessage
LsaFreeReturnBuffer
LsaGetLogonSessionData
DeleteSecurityContext
FreeContextBuffer
LsaEnumerateLogonSessions
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
ApplyControlToken

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

ws2_32

setsockopt
WSAIoctl
WSAGetLastError
shutdown
getsockopt
WSAStartup
WSACleanup
closesocket
WSASend
send
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
freeaddrinfo
getaddrinfo
recv

crypt32

CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain

api-ms-win-crt-math-l1-1-0

trunc
round
__setusermatherr
floor
pow

api-ms-win-crt-string-l1-1-0

strlen
_wcsicmp
wcsncmp
wcslen
strcpy_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
_set_app_type
abort
_seh_filter_exe
_exit
exit
strerror
_initialize_onexit_table
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argc

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
_set_new_mode
free

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6e44813fe36282f26f5d42eeaa8f7926

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

kernel32

comctl32

user32

ole32

shell32

gdi32

dwmapi

pdh

powrprof

psapi

advapi32

oleaut32

iphlpapi

netapi32

secur32

api-ms-win-core-winrt-l1-1-0

uxtheme

bcrypt

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 368KB - Virtual size: 367KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 6.5MB - Virtual size: 6.5MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 368KB - Virtual size: 367KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 55KB - Virtual size: 55KB