e:\code\box_client\wotbox\build\bin_cache\Release\WOTBox.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42.exe
- Resource: win10v2004-20240910-en
General
- Target: f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42
- Size: 10.3MB
- MD5: 1fb1dac52f2b645ae8b5edee53ad9974
- SHA1: 8d5e6be5d320f03f9a753c5889d09d305f363f6f
- SHA256: f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42
- SHA512: 08e752c3baa9f80729907a7e5090c1e369c8a7acadb79a02e35dacf878157636858c92eba93aab2f86c40760748c4da654dc073fbbd3b34e37de300579985aa9
- SSDEEP: 49152:OeMj2oHlWFRZGiRzHAdwEouoazptBTuqGEG97xvsuiNI2b0Ns0GQpIsMGO/nlxHv:OFj2oViRsdZouoazprG9jdNeY0
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42
Files
- f7fb18cac55ce1503c65e2588d8ff468c7827f0f3d80701934ffbf29fd5f0e42.exe (windows:5 windows x86 arch:x86)
  23f85d5c34ec7ddc497c367ac52ca9d8
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileAttributesW
CompareFileTime
GetSystemInfo
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
RemoveDirectoryW
SetFileAttributesW
GetProcessTimes
SetProcessWorkingSetSize
OpenEventW
ResetEvent
OutputDebugStringW
GetCurrentThread
SetFilePointer
lstrlenA
GetTempFileNameW
GetFullPathNameW
GetCurrentDirectoryW
lstrcmpiA
GetExitCodeProcess
PeekNamedPipe
GetStartupInfoW
CreatePipe
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
MulDiv
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
SetLastError
lstrcmpiW
GetVersionExW
SetEndOfFile
SetEnvironmentVariableA
CompareStringA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetConsoleCtrlHandler
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
GetCurrentThreadId
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleCP
ExitProcess
FatalAppExitA
HeapCreate
GetModuleFileNameA
GetTempPathW
LCMapStringW
LCMapStringA
FindFirstFileA
GetDriveTypeA
GetPrivateProfileIntW
FileTimeToSystemTime
GetTimeZoneInformation
GetCPInfo
GetDateFormatA
GetTimeFormatA
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ExpandEnvironmentStringsA
FormatMessageA
SleepEx
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
ResumeThread
VirtualProtect
VirtualQuery
AllocConsole
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
InterlockedCompareExchange
GetLogicalDriveStringsW
GetDriveTypeW
OpenFileMappingW
OpenFileMappingA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
ReleaseMutex
CreateMutexW
CreateDirectoryA
ReadProcessMemory
GetModuleHandleA
OutputDebugStringA
lstrlenW
CompareStringW
CreateThread
CreateProcessW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
GetFileSize
ReadFile
RaiseException
GetStringTypeW
LoadLibraryExW
InterlockedExchange
GetACP
WriteFile
CreateFileW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CloseHandle
GetLastError
FindResourceExW
FindResourceW
SetUnhandledExceptionFilter
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GetSystemTime
CreateFileA
GetCurrentProcessId
GetVersion
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateDirectoryW
FreeLibrary
GetPrivateProfileStringW
GetModuleHandleW
MoveFileExW
CreateEventW
SetEvent
WideCharToMultiByte
SetCurrentDirectoryW
CopyFileW
WritePrivateProfileStringW
lstrcpyW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
GlobalHandle
DeleteFileW
Sleep
MoveFileW
WaitForSingleObject
FileTimeToLocalFileTime
GetTickCount
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
IsValidLocale
InitializeCriticalSection
user32
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
LoadIconW
MessageBeep
MessageBoxA
ScreenToClient
InvalidateRect
ShowWindow
IsWindowVisible
SetTimer
SetLayeredWindowAttributes
GetDlgItemTextW
DestroyCursor
UnregisterClassA
MsgWaitForMultipleObjects
IsIconic
SwitchToThisWindow
GetForegroundWindow
AttachThreadInput
BringWindowToTop
KillTimer
IsWindowEnabled
EnableWindow
GetDlgItem
MessageBoxW
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetActiveWindow
GetKeyState
RegisterWindowMessageW
wsprintfW
CreateDialogIndirectParamW
RegisterWindowMessageA
GetAsyncKeyState
FindWindowW
GetWindowThreadProcessId
ChangeWindowMessageFilter
SetWindowsHookExW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassW
GetClassInfoW
SetWindowRgn
TrackPopupMenuEx
IsMenu
IsChild
GetLastInputInfo
InflateRect
GetWindowDC
CopyRect
TrackMouseEvent
PostQuitMessage
DrawTextW
LoadMenuW
MonitorFromPoint
ReleaseDC
GetDC
DestroyMenu
SetRectEmpty
TrackPopupMenu
LoadImageW
DefWindowProcW
CallWindowProcW
BeginPaint
EndPaint
GetSubMenu
OffsetRect
IsWindow
IsRectEmpty
GetWindowTextW
GetWindowTextLengthW
DrawIconEx
GetSystemMetrics
FillRect
IsDialogMessageW
EndDialog
UpdateLayeredWindow
GetCursorPos
SetForegroundWindow
PtInRect
GetDlgCtrlID
GetSysColor
CreateWindowExW
DestroyWindow
UpdateWindow
SetCapture
SetFocus
DrawFocusRect
SetCursor
CharNextW
ReleaseCapture
GetCapture
GetFocus
LoadCursorW
GetClassNameW
UnhookWindowsHookEx
CreateDialogParamW
DialogBoxParamW
ClientToScreen
InvalidateRgn
DrawEdge
SystemParametersInfoW
GetClientRect
SetDlgItemTextW
LoadBitmapW
FrameRect
GetDialogBaseUnits
WindowFromPoint
GetMenu
AdjustWindowRectEx
FindWindowExW
SendMessageTimeoutW
GetWindowRect
MoveWindow
SetWindowTextW
PostMessageW
SendMessageW
GetWindowLongW
SetWindowLongW
SetRect
CallNextHookEx
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
DestroyAcceleratorTable
RedrawWindow
GetDesktopWindow
gdi32
CreateFontW
GetTextExtentPoint32W
CreatePalette
RealizePalette
CreateDIBitmap
CreatePatternBrush
Rectangle
SetPixel
SetBkColor
ExtTextOutW
SetBrushOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetDeviceCaps
CreatePen
LineTo
MoveToEx
CreateSolidBrush
SetViewportOrgEx
CreateDIBSection
GetStockObject
StretchBlt
CreateFontIndirectW
BitBlt
GetDIBColorTable
SetDIBColorTable
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW
DeleteObject
SetTextColor
SetStretchBltMode
SetBkMode
CreatePolygonRgn
shell32
SHGetMalloc
ShellExecuteW
ord165
Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
ole32
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromProgID
oleaut32
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegQueryValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueW
RegCreateKeyW
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
ReportEventW
CryptGetHashParam
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
RegCloseKey
GetLengthSid
CopySid
RegOpenKeyExA
RegQueryValueExA
python27
PyDict_New
PyDict_SetItemString
PyModule_New
PyModule_AddStringConstant
PyModule_GetDict
PyRun_StringFlags
PyObject_GetAttrString
Py_BuildValue
PyEval_CallObjectWithKeywords
PyArg_Parse
Py_Finalize
Py_Initialize
PyCallable_Check
Py_IsInitialized
PyImport_ImportModule
sqlite3
sqlite3_exec
sqlite3_close
sqlite3_open
sqlite3_finalize
sqlite3_step
sqlite3_bind_blob
sqlite3_prepare_v2
sqlite3_column_blob
sqlite3_column_bytes
ws2_32
gethostname
ntohs
setsockopt
htonl
WSASetLastError
ntohl
gethostbyname
select
socket
ioctlsocket
bind
closesocket
accept
WSAAsyncSelect
listen
recvfrom
recv
sendto
send
htons
inet_addr
connect
WSAGetLastError
WSAStartup
WSACleanup
getsockname
getsockopt
getpeername
freeaddrinfo
getaddrinfo
__WSAFDIsSet
gdiplus
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCreateBitmapFromResource
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateFont
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipReleaseDC
GdipCloneBrush
GdipFillRectangleI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipDrawLineI
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
iphlpapi
GetAdaptersInfo
psapi
GetProcessMemoryInfo
wininet
InternetGetCookieW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetCookieW
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetSetCookieA
InternetGetCookieA
InternetQueryDataAvailable
shlwapi
PathMatchSpecW
PathCombineW
StrCpyW
PathAddBackslashW
PathRemoveExtensionW
PathFileExistsW
PathAppendW
StrFormatByteSizeW
StrStrIA
PathIsDirectoryW
PathFindFileNameW
PathStripPathW
PathRemoveBackslashW
PathRemoveFileSpecW
comctl32
ImageList_GetImageInfo
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Create
ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
msimg32
TransparentBlt
AlphaBlend
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
dbghelp
MiniDumpWriteDump
wotboxmodule
HelloWot
Sections
- .text: Size 2.0MB, Virtual size 2.0MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 335KB, Virtual size 335KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 34KB, Virtual size 45KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 7.8MB, Virtual size 7.8MB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 121KB, Virtual size 120KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ