Woffer free[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Woffer free.rar
Size

25.4MB
MD5

bf44461b2802ff306b8d7fc31fd8a1d5
SHA1

89fec0cddbc571aa13b1cc5b3b5c55ffe3894be4
SHA256

7ba56342bc2988832d533ea86d3f5f20412698c0594cbc96839a1d6f72a0a7dd
SHA512

fe26fabea1814f60c078b9d6375a7bba3ab4cb502438f9ecde5fdc47fcafd82353ba2372c364ed3d2fd132db1a68cdeee5f6136c48dd73a729137bcf1468fb59
SSDEEP

393216:YyhjLc28KYZjeJcWGxCx13x3DHV+gDXpQ8IcH94wrJKD/tRlB0zxh:YMC5jeJcRIx13RrV5V3IcmBrtDMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Woffer free/SpooferX/Saqxz Permanent.exe
unpack001/Woffer free/ed/Bypass TPM.exe
unpack001/Woffer free/ed/RESET_TPM.exe

Files

Woffer free.rar
.rar
Woffer free/SpooferX/Saqxz Permanent.exe
.exe windows:6 windows x64 arch:x64

a0fb0580ea3f209ab13aabd2ce93e798

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

WakeAllConditionVariable
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetClipboardData

advapi32

AddAccessAllowedAce

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

VariantClear

msvcp140

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

imm32

ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

PathFindFileNameW

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

normaliz

IdnToAscii

wldap32

ord46

crypt32

CertOpenStore

ws2_32

WSASetLastError

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr

api-ms-win-crt-stdio-l1-1-0

_wfopen

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-runtime-l1-1-0

_beginthreadex

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

powf

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.|IZ
Size: - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.~[u
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gc3
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Woffer free/SpooferX/Serialchecker.bat
Woffer free/SpooferX/imgui.ini
Woffer free/SpooferX/key.json
Woffer free/SpooferX/key.txt
Woffer free/ed/Bypass TPM.exe
.exe windows:6 windows x64 arch:x64

408757497078cd7bde4ab92c14026777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryFullProcessImageNameW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

MessageBoxA

advapi32

CryptHashData

shell32

ShellExecuteA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

shlwapi

PathFindFileNameW

ntdll

NtQuerySystemInformation

normaliz

IdnToAscii

wldap32

ord46

crypt32

CertFreeCertificateChain

ws2_32

ioctlsocket

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-runtime-l1-1-0

_getpid

api-ms-win-crt-stdio-l1-1-0

_write

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

wcscpy_s

Sections

.text
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5tN
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

..Ae
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m#&
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Woffer free/ed/RESET_TPM.exe
.exe windows:4 windows x86 arch:x86

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Woffer free/ed/key.txt

Sharing

General

Malware Config

Signatures

Files

a0fb0580ea3f209ab13aabd2ce93e798

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

imm32

dwmapi

shlwapi

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: - Virtual size: 900KB

.rdata Size: - Virtual size: 231KB

.data Size: - Virtual size: 2.5MB

.pdata Size: - Virtual size: 34KB

.|IZ Size: - Virtual size: 9.2MB

.~[u Size: 16KB - Virtual size: 15KB

.gc3 Size: 14.9MB - Virtual size: 14.9MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

408757497078cd7bde4ab92c14026777

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

shlwapi

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

.text
Size: - Virtual size: 900KB

.rdata
Size: - Virtual size: 231KB

.data
Size: - Virtual size: 2.5MB

.pdata
Size: - Virtual size: 34KB

.|IZ
Size: - Virtual size: 9.2MB

.~[u
Size: 16KB - Virtual size: 15KB

.gc3
Size: 14.9MB - Virtual size: 14.9MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 616KB

.rdata
Size: - Virtual size: 157KB

.data
Size: - Virtual size: 111KB

.pdata
Size: - Virtual size: 26KB

.5tN
Size: - Virtual size: 7.8MB

..Ae
Size: 5KB - Virtual size: 4KB

.m#&
Size: 13.2MB - Virtual size: 13.2MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 250KB - Virtual size: 250KB

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 252KB - Virtual size: 251KB