wIWkQ[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wIWkQ.exe
Size

16.0MB
MD5

d8d87f27fd08e0ecba73bd90480bc7fd
SHA1

69966b37a6e3ad0b39c1445a89e589a536d53708
SHA256

61792169e5a7fe35fd21ea3b96659786b92725368e94c2788edad04024d5640f
SHA512

937923322b563a11eaaa6abf197c9bc15f4acb4b51cd0c28790a6ecd81891cf9fdbc5616e6031b30eec096f2e569cc6c3f284b4bc946676f5bdb790305de3620
SSDEEP

393216:YqAOU8/f8sfuqXuMjP/uQFxj9sg+rmU6P:cdN3GZFb+rl6P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wIWkQ.exe

Files

wIWkQ.exe
.exe windows:6 windows x64 arch:x64

44d0e00e343d89627fdc531e95881763

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CheckRemoteDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

BlockInput

gdi32

CreateRectRgn

ole32

CoCreateInstance

oleaut32

SysAllocString

shell32

ShellExecuteW

d3d9

Direct3DCreate9Ex

advapi32

CloseServiceHandle

imm32

ImmGetContext

dwmapi

DwmEnableBlurBehindWindow

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ws2_32

WSACleanup

urlmon

URLDownloadToFileW

ntdll

NtQuerySystemInformation

vcruntime140

_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_aligned_free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

Sections

J@iuPP7U
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

7.f|{D.\
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

&emMq`LH
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

%uh@a2(K
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

uu.,|Z2H
Size: - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

kB?(9R81
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

L?F(.J#c
Size: - Virtual size: 38B

27:b7hT1
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

i}\)1j+v
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Rjz.^g?C
Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

??JCAi%1
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Ua0y#tK,
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44d0e00e343d89627fdc531e95881763

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

shell32

d3d9

advapi32

imm32

dwmapi

msvcp140

ws2_32

urlmon

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

J@iuPP7U Size: - Virtual size: 1.0MB

7.f|{D.\ Size: - Virtual size: 300KB

&emMq`LH Size: - Virtual size: 61KB

%uh@a2(K Size: - Virtual size: 28KB

uu.,|Z2H Size: - Virtual size: 40B

kB?(9R81 Size: - Virtual size: 4KB

L?F(.J#c Size: - Virtual size: 38B

27:b7hT1 Size: - Virtual size: 10.3MB

i}\)1j+v Size: 9KB - Virtual size: 9KB

Rjz.^g?C Size: 16.0MB - Virtual size: 16.0MB

??JCAi%1 Size: 512B - Virtual size: 268B

Ua0y#tK, Size: 512B - Virtual size: 422B

J@iuPP7U
Size: - Virtual size: 1.0MB

7.f|{D.\
Size: - Virtual size: 300KB

&emMq`LH
Size: - Virtual size: 61KB

%uh@a2(K
Size: - Virtual size: 28KB

uu.,|Z2H
Size: - Virtual size: 40B

kB?(9R81
Size: - Virtual size: 4KB

L?F(.J#c
Size: - Virtual size: 38B

27:b7hT1
Size: - Virtual size: 10.3MB

i}\)1j+v
Size: 9KB - Virtual size: 9KB

Rjz.^g?C
Size: 16.0MB - Virtual size: 16.0MB

??JCAi%1
Size: 512B - Virtual size: 268B

Ua0y#tK,
Size: 512B - Virtual size: 422B