d:\NETBOX\Project\client6.15.1\src\probe\wgprotect\Release\wgprotect.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb.exe
Resource
win10v2004-20240704-en
General
Target: e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb
Size: 60KB
MD5: 009bb24219ee3b614a6807a85539272c
SHA1: 8dadfc3d13df4baa1e657f90b5e94cd3bb2bd587
SHA256: e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb
SHA512: ebedeeb30482522f1ba3f60b8c0dc64ef1869621d2c62e481e270434fb5bf273f50565dd325d026d8204978fe5d86be2808e234a3a39daf00c538f8079e06687
SSDEEP: 768:RNGn8Lp8tc7dG7wrl4IXlDdxJJdUK4uFGVVCTzxkucMhkSExqkV+lU:RAnk2td8SydxJLd4uUVkT/cEkWtlU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb
Files
e73e91d038a45dd041708094877cc975df72066e495c40adc0c8aeff319487cb.exe windows:4 windows x86 arch:x86
803a89e1ce8d46b138bcda0aaf6d4169
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateToolhelp32Snapshot
GetVersionExA
Sleep
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ReadProcessMemory
WriteFile
CreateFileA
WaitNamedPipeA
OutputDebugStringA
Process32First
OpenProcess
Module32Next
Module32First
VirtualFreeEx
VirtualAllocEx
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
Process32Next
CloseHandle
VirtualQuery
WideCharToMultiByte
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LoadLibraryA
InterlockedExchange
SetFilePointer
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
user32
FindWindowExA
SendMessageA
GetWindowThreadProcessId
FindWindowA
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE