gwergewr[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

gwergewr.exe
Size

4.2MB
MD5

b043f96d8a14f0cc8f9a326af4bdc2da
SHA1

1d2f4ee5a62ebbda4f6acbcc2949fb5e6ae3275b
SHA256

8a7604f32b15636ef4962ade0c127493ff172992d1621b0a65bf429d2cab9d4d
SHA512

d4fa666e212628fb25e7debff6e2afc0f80b8b52841af9070cc307f4d3682e8c6f1811ccadcdeeebc50465ce166667d53aae52e67f1453d0c8db0342ed62e2d4
SSDEEP

98304:ZK8zTOvhT8UEgIP0rw4XiwpuBbNHXxE6ZgQAM/d5kJrD6CBkJHK0S:wcTOpQIIqDUBBH7mQlFK/6Ky7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gwergewr.exe

Files

gwergewr.exe
.exe windows:6 windows x64 arch:x64

1a4802862d94da9f183b8033c7825d13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceFrequency
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowRect

advapi32

CryptCreateHash

shell32

ShellExecuteA

ole32

CoInitialize

msvcp140

??1_Lockit@std@@QEAA@XZ

winmm

waveOutSetVolume

normaliz

IdnToAscii

wldap32

ord45

crypt32

CertCreateCertificateChainEngine

ws2_32

getpeername

psapi

GetModuleInformation

rpcrt4

UuidToStringA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

only_pdb
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

only_pdb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

only_pdb
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4802862d94da9f183b8033c7825d13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

winmm

normaliz

wldap32

crypt32

ws2_32

psapi

rpcrt4

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: - Virtual size: 522KB

.rdata Size: - Virtual size: 103KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 17KB

only_pdb Size: - Virtual size: 3.3MB

only_pdb Size: 4KB - Virtual size: 4KB

only_pdb Size: 4.2MB - Virtual size: 4.2MB

.reloc Size: 1024B - Virtual size: 608B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 522KB

.rdata
Size: - Virtual size: 103KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 17KB

only_pdb
Size: - Virtual size: 3.3MB

only_pdb
Size: 4KB - Virtual size: 4KB

only_pdb
Size: 4.2MB - Virtual size: 4.2MB

.reloc
Size: 1024B - Virtual size: 608B

.rsrc
Size: 512B - Virtual size: 480B