wercplsupport[.]dll | Triage

Sharing

General

Target

wercplsupport.dll
Size

64KB
MD5

5df4a5dc05fab955d10875dd274080a2
SHA1

1e228124b591a0628a123bd15f251e0fa00d8aa2
SHA256

a47724a3f848b4aa2b983849c922725074f402de57e3feed666c9d038c6cd367
SHA512

f2fe77c49c815f7e512db92ea5a75487ac0dd1f282605148b95e01c8073f33f713de20dec6c7099381d7d3be7858fd3c073f23ca43f2f574faa43af8b4850f7e
SSDEEP

1536:4qePFtN1D1SiGUAGoiwIzUN7a2hA3jg5v5M/Ar21qzO5A9PB5:4rFJD5GURSIQNWqA3jARMor28zOe9PH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wercplsupport.dll

Files

wercplsupport.dll
.dll windows:5 windows x64 arch:x64

cc861723d81c3d0282bd2595327117c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

comctl32

InitCommonControls

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

??0Cssdll@@QEAA@XZ
??4Cssdll@@QEAAAEAV0@AEBV0@@Z
?fnssdll@@YAHXZ
?nssdll@@3HA
IJA
INA
Run
ServiceMain
UNA
UPA

Sections

.text
Size: 43KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.x64
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE