G:\devops_yanfa\workspace\p-4663c901377d457795e7a5c44ce670aa\src\bin\WAE_ESP.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe
  Resource: win10v2004-20240802-en
General
Target: 23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506
Size: 2.4MB
MD5: 1a8c0d5ded7f399be1b43d1b6c3a6692
SHA1: 12c882aea0cbe460d04f838bdf9b44c57f0aa36e
SHA256: 23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506
SHA512: 20a3600b1ca50e1c8acd42375c3c6cd102b8fb305eb431c2b083da1068c9400cd310b36413c193f6dd5b3b19572a4cc242116a9748e9b396caa696c578d9754e
SSDEEP: 49152:zvSzkJnOyQpABa+VsNbwzPhTzoL6Y0fxfNrBUf0uzkf:zqzkbkbhwzmLb0fxfNr
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the sample carries no embedded Authenticode signature.
  resource 23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506
On its own this is weak evidence. Many internal and vendor builds ship unsigned, and the debug path below (a CI-style workspace directory) is what an ordinary MSVC build looks like, not what a packed dropper looks like. Treat the missing signature as a reason to verify provenance (who built it, where it came from), not as a verdict.
Files
23542ca9447a9fb28583d229b22ad4f6cf1a71b4bc332c4fdbc0746963f67506.exe windows:6 windows x86 arch:x86 (32-bit PE, minimum OS version field 6, i.e. Vista or later)
imphash (import-table hash): 06069c089469016295f0a16bdca1fba9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR: the image is relocatable, which is why a .reloc section is present below)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP: non-code pages are not executable)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
No IMAGE_DLLCHARACTERISTICS_GUARD_CF flag is listed, so Control Flow Guard should not be assumed.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\devops_yanfa\workspace\p-4663c901377d457795e7a5c44ce670aa\src\bin\WAE_ESP.pdb
Imports
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
wldap32
ord46
ord22
ord211
ord217
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord60
ord41
ord45
crypt32
CertAddCertificateContextToStore
CryptQueryObject
CryptDecodeObjectEx
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
PFXImportCertStore
CertCloseStore
CertFreeCertificateContext
kernel32
GlobalAlloc
MulDiv
ReleaseMutex
CreateMutexW
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFree
FormatMessageW
VerSetConditionMask
GetLocalTime
lstrcmpiW
lstrcpynW
lstrcpyW
SetLastError
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
SleepEx
QueryPerformanceCounter
VerifyVersionInfoA
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
MoveFileExA
CreateFileA
GetDriveTypeW
GetCurrentProcess
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetEnvironmentVariableW
SetErrorMode
CreateProcessW
GetExitCodeProcess
TerminateProcess
lstrcmpW
SetEndOfFile
TerminateThread
GetFileAttributesExW
CreateThread
SetFilePointerEx
SetFileAttributesW
LeaveCriticalSection
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
WideCharToMultiByte
GetThreadTimes
GetFullPathNameW
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetModuleHandleExW
GetCurrentThread
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
MoveFileExW
SystemTimeToTzSpecificLocalTime
FindClose
FindNextFileW
FindFirstFileExW
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
AreFileApisANSI
RtlUnwind
GetCommandLineA
GetCPInfo
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
EncodePointer
lstrlenW
LoadLibraryW
GlobalUnlock
GlobalLock
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
CloseHandle
SetEvent
WaitForSingleObject
GetTimeZoneInformation
LoadLibraryExW
GetProcAddress
GetCurrentThreadId
FindResourceW
LoadResource
SizeofResource
LockResource
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetSystemDefaultLCID
GetUserDefaultLCID
GetTickCount
ReadFile
GetFileSize
GetCurrentDirectoryW
ExitProcess
GetACP
OutputDebugStringW
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileSizeEx
DeleteFileW
CreateSemaphoreW
SetUnhandledExceptionFilter
FreeResource
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
VirtualQuery
WriteFile
CreateFileW
lstrcatW
GetTempPathW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
Sleep
CreateEventW
GetNativeSystemInfo
GetVersionExW
EnterCriticalSection
user32
CharPrevW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassExW
GetGUIThreadInfo
RegisterClassW
CallWindowProcW
DrawTextW
FillRect
SetRect
DestroyMenu
EnableMenuItem
CreateCaret
UpdateLayeredWindow
GetWindowRgn
UpdateWindow
IsWindowEnabled
wsprintfA
DrawTextA
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SendMessageW
ScreenToClient
GetWindowRect
SetWindowPos
GetDC
GetSystemMetrics
wsprintfW
MessageBoxW
EnumWindows
GetWindowThreadProcessId
GetParent
IsWindowVisible
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
ClientToScreen
GetShellWindow
FindWindowW
GetLastActivePopup
SetForegroundWindow
ShowWindow
SetFocus
CreatePopupMenu
AppendMenuW
TrackPopupMenu
PtInRect
LoadIconW
IsWindow
GetClassNameW
PostQuitMessage
GetCursorPos
IsIconic
BringWindowToTop
SetActiveWindow
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
IsZoomed
SetWindowRgn
GetClientRect
GetWindowLongW
SetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
CreateWindowExW
DestroyWindow
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
GetWindow
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
LoadImageW
DefWindowProcW
GetCaretBlinkTime
gdi32
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
PtInRegion
CreateRectRgn
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateRoundRectRgn
advapi32
RegCreateKeyExW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyExW
CheckTokenMembership
FreeSid
RevertToSelf
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
RegQueryInfoKeyW
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptGetHashParam
RegCloseKey
RegQueryValueExW
CryptDestroyHash
shell32
ShellExecuteW
Shell_NotifyIconW
SHGetFolderLocation
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationW
CommandLineToArgvW
ord165
DragQueryFileW
SHGetFolderPathW
ole32
ReleaseStgMedium
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
SysAllocString
VariantClear
GetErrorInfo
SysFreeString
VariantChangeType
VariantInit
VariantCopy
shlwapi
wnsprintfW
PathFileExistsW
gdiplus
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipImageSelectActiveFrame
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatLineAlign
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
dbghelp
MiniDumpWriteDump
psapi
GetModuleFileNameExW
ws2_32
ntohl
inet_ntoa
inet_addr
ioctlsocket
__WSAFDIsSet
select
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
recvfrom
sendto
htonl
listen
accept
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
recv
WSACleanup
WSAGetLastError
send
closesocket
gethostname
gethostbyname
WSAStartup
winhttp
WinHttpQueryHeaders
WinHttpOpen
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpReceiveResponse
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
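A long import table like the one above is easier to reason about once the API names are grouped by what they let the program do. The script below is an added example, not part of the report and not a Triage signature: the capability map is this editor's own coarse heuristic, SAMPLE_IMPORTS is an excerpt of the table above (not the full list), and the imphash routine follows pefile's normalisation (lowercase, strip .dll/.ocx/.sys, `lib.func` joined by commas in import order). Because the excerpt is partial and ordinals are left as `ordN`, its hash will not reproduce the value printed under Files; it shows how that value is derived.

```python
"""Bucket an import table into coarse capabilities and compute a pefile-style
imphash. Added example; not the report's code and not a Triage signature."""
import hashlib

# Heuristic map of lower-cased API names to the capability they imply.
# Presence is a hypothesis generator, not a verdict: remote-support and
# admin tools import most of these too.
CAPABILITIES = {
    "process enumeration": {"createtoolhelp32snapshot", "process32firstw", "process32nextw",
                            "openprocess", "enumwindows", "getwindowthreadprocessid"},
    "process / shell launch": {"createprocessw", "shellexecutew", "shellexecuteexw"},
    "registry write": {"regcreatekeyexw", "regsetvalueexw", "regdeletevaluew"},
    "token / impersonation": {"openprocesstoken", "impersonateloggedonuser",
                              "reverttoself", "checktokenmembership"},
    "socket networking": {"socket", "connect", "send", "recv", "listen", "accept",
                          "bind", "getaddrinfo"},
    "http client": {"winhttpopen", "winhttpconnect", "winhttpopenrequest", "winhttpsendrequest"},
    "capi crypto": {"cryptencrypt", "cryptimportkey", "cryptgenrandom", "crypthashdata"},
    "certificate store": {"pfximportcertstore", "certopenstore", "certaddcertificatecontexttostore"},
    "crash dump": {"minidumpwritedump"},
    "debugger check": {"isdebuggerpresent"},
    "file delete / move": {"deletefilew", "movefileexw", "movefileexa", "shfileoperationw"},
}

# Excerpt of the report's import table (DLL -> imported names), in table order.
SAMPLE_IMPORTS = {
    "comctl32": ["InitCommonControlsEx", "ord17"],
    "crypt32": ["CertAddCertificateContextToStore", "CertOpenStore", "PFXImportCertStore"],
    "kernel32": ["CreateProcessW", "IsDebuggerPresent", "Process32NextW", "Process32FirstW",
                 "CreateToolhelp32Snapshot", "DeleteFileW", "OpenProcess", "GetTempPathW"],
    "advapi32": ["RegCreateKeyExW", "CryptGenRandom", "RevertToSelf", "ImpersonateLoggedOnUser",
                 "OpenProcessToken", "RegSetValueExW", "CryptImportKey", "CryptEncrypt"],
    "shell32": ["ShellExecuteW", "SHFileOperationW"],
    "dbghelp": ["MiniDumpWriteDump"],
    "ws2_32": ["socket", "connect", "send", "recv", "listen", "accept"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest"],
}


def bucket_imports(imports: dict) -> dict:
    """Return {capability: sorted ['dll!Func', ...]} for every matched import."""
    hits = {}
    for dll, funcs in imports.items():
        for func in funcs:
            key = func.lower()
            for cap, names in CAPABILITIES.items():
                if key in names:
                    hits.setdefault(cap, []).append(f"{dll}!{func}")
    return {cap: sorted(v) for cap, v in hits.items()}


def imphash_string(imports: dict) -> str:
    """pefile normalisation: lowercase, drop .dll/.ocx/.sys, 'lib.func', comma-joined.
    pefile additionally resolves ws2_32/oleaut32 ordinals to names from a built-in
    table; that step is omitted here, so ordinal imports stay as 'ordN'."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap, names in bucket_imports(SAMPLE_IMPORTS).items():
        print(f"{cap:24s} {', '.join(names)}")
    print("imphash of excerpt:", imphash(SAMPLE_IMPORTS))
```

Read the buckets as a checklist for the behavioral run rather than as findings: process enumeration plus crash-dump writing plus impersonation is also what a support or monitoring agent does, so the question the dynamic tasks should answer is whether those capabilities are exercised against other processes or only the program's own.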
Sections
.text   Size: 1.2MB   Virtual size: 1.2MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 336KB   Virtual size: 336KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 21KB    Virtual size: 38KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B    Virtual size: 17B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 791KB   Virtual size: 791KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 71KB    Virtual size: 70KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
The only executable section is .text and it is not writable; file sizes match virtual sizes apart from the ordinary zero-initialised tail of .data and file-alignment rounding of .tls; and .reloc is present as DYNAMIC_BASE requires. That is the layout of an unpacked MSVC build. A packer usually leaves a small on-disk section with a much larger virtual size and a section that is both writable and executable, neither of which appears here. The report gives no entropy figures, so packing is not ruled out, only not indicated.
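The Headers, Sections and Unsigned PE entries above all come from a handful of fields in the PE optional header and section table. The parser below is an added example written for this page (standard library only, not Triage's code) that reads those fields directly: DllCharacteristics for ASLR/DEP/CFG, DataDirectory[4] (the security directory, whose first field is a file offset rather than an RVA) for the presence of an Authenticode certificate table, and each section's characteristics so that a writable-and-executable section is flagged. The flag values are the winnt.h constants; `parse_pe`, `findings` and `build_pe` are this example's own names, and the image `build_pe` produces is a constructed headers-only PE32 for testing, not the sample.

```python
"""Decode the PE header fields behind a static report's Headers, Sections and
'Unsigned PE' entries. Added example (stdlib only); not Triage's code."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # WIN_CERTIFICATE table = Authenticode
DLL_CHARACTERISTICS = {                   # winnt.h bit values
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    nt = struct.unpack_from("<I", data, 0x3C)[0]                   # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24
    magic = struct.unpack_from("<H", data, opt)[0]                  # 0x10B PE32, 0x20B PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]         # same offset in both formats
    dirs = opt + (96 if magic == 0x10B else 112)                    # start of DataDirectory[]
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]            # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size                                           # section headers follow the optional header
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if chars & bit],
            # writable + executable memory is the classic packer / self-modifying-code tell
            "wx": bool(chars & 0x80000000) and bool(chars & 0x20000000),
        })
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "dll_characteristics": [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit],
        "aslr": bool(dll_chars & 0x0040),
        "dep": bool(dll_chars & 0x0100),
        "cfg": bool(dll_chars & 0x4000),
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def findings(info: dict) -> list:
    """Turn parsed header facts into one-line notes of the kind a report prints."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: no Authenticode certificate table")
    if not info["aslr"]:
        out.append("No DYNAMIC_BASE: image is not ASLR-relocatable")
    if not info["dep"]:
        out.append("No NX_COMPAT: loader may run it without DEP")
    for s in info["sections"]:
        if s["wx"]:
            out.append(f"Section {s['name']} is writable and executable")
    return out


def build_pe(dll_chars: int, sections, cert_size: int = 0) -> bytes:
    """Constructed headers-only PE32 image for testing (not the sample above).
    sections: (name, virtual_size, raw_size, characteristics) tuples."""
    opt_size = 96 + 16 * 8                                           # PE32 fixed part + 16 directories
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    hdr += opt
    for name, vsize, rawsize, chars in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
    return bytes(hdr)


if __name__ == "__main__":
    # Flag set and section layout matching what the report shows for the sample.
    image = build_pe(0x8140, [
        (b".text", 0x130000, 0x130000, 0x60000020),
        (b".data", 0x9800, 0x5400, 0xC0000040),
        (b".reloc", 0x11800, 0x11C00, 0x42000040),
    ])
    info = parse_pe(image)
    print(info["dll_characteristics"])
    for line in findings(info):
        print(line)
```

Note that `authenticode_present` only says a certificate table exists; a signed file still has to be verified (chain, timestamp, hash match) with WinVerifyTrust or signtool before the signature counts for anything.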