d:\NETBOX\Project\client6.15.1\src\probe\wgprotect\Release\wgprotect.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7.exe
Resource: win10v2004-20240704-en
General
Target: 8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7
Size: 60KB
MD5: 005134685311cbe775420914884bf309
SHA1: f157e0bd72e45e6672f1c087d8509d1de85b3b86
SHA256: 8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7
SHA512: c422e3417918157f73afd25f1e50d3dbb55840cb32998e9b6ddb2099336024f33bd3a2b437abcbadae0450197077b430f43ab5ed17a5ce21ffff6986a8555e13
SSDEEP: 768:oNGn8Lp8tc7dG7wrl4IXlDdxJJdUK4uFGVVCTzxkucMhkSExqkV+lU:oAnk2td8SydxJLd4uUVkT/cEkWtlU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7
Files
8a7fbe0f345aa26da3fcef09f5861c41782cadf2e38ee93b71eb28e920830ab7.exe windows:4 windows x86 arch:x86
803a89e1ce8d46b138bcda0aaf6d4169
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateToolhelp32Snapshot
GetVersionExA
Sleep
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ReadProcessMemory
WriteFile
CreateFileA
WaitNamedPipeA
OutputDebugStringA
Process32First
OpenProcess
Module32Next
Module32First
VirtualFreeEx
VirtualAllocEx
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
Process32Next
CloseHandle
VirtualQuery
WideCharToMultiByte
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LoadLibraryA
InterlockedExchange
SetFilePointer
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
user32
FindWindowExA
SendMessageA
GetWindowThreadProcessId
FindWindowA
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE