318a4a8d8c5059d19d912b107649928eea29bc80384f06e5328942fd1baa3630

Sharing

Copy URL

Twitter E-mail

General

Target

318a4a8d8c5059d19d912b107649928eea29bc80384f06e5328942fd1baa3630
Size

861KB
MD5

4ffa885c137584b7c3a925fafcdfeae5
SHA1

9db08de6e9bfd9f350c567bff76366e8c2790c3c
SHA256

318a4a8d8c5059d19d912b107649928eea29bc80384f06e5328942fd1baa3630
SHA512

7298dc8bd27125d3731d895d5c39823e731182531802bf6f7530c86f0d250b9707da8c572a1f0cbb81cc5ffb86391ccf30a8ded8a87a4b48433428aeba83a6ed
SSDEEP

24576:Bnw1ShDIUuGzFfb91CMG+7NUD6RIS5Z+x:7hDf191CM3BUDpSX+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
318a4a8d8c5059d19d912b107649928eea29bc80384f06e5328942fd1baa3630

Files

318a4a8d8c5059d19d912b107649928eea29bc80384f06e5328942fd1baa3630
.dll windows:6 windows x86 arch:x86

b7f5bf55fbdac81ece3b64bcba1ca1b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\code\clean_master\webwrap\webwrap\Release\webwrap.pdb

Imports

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup

kernel32

lstrcmpW
SetLastError
SetEvent
CreateEventW
WaitForMultipleObjects
CreateFileMappingW
SetFileAttributesW
GetFileSizeEx
SetFileTime
LoadLibraryExW
GetCurrentThreadId
lstrlenW
OpenProcess
WaitForSingleObject
WriteFile
FlushFileBuffers
CreateFileW
RaiseException
DecodePointer
GetTickCount
CreateThread
Sleep
WideCharToMultiByte
MoveFileW
CopyFileW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
lstrcmpA
DeviceIoControl
FreeResource
GetVersionExW
GetSystemWindowsDirectoryW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
FreeLibrary
FindResourceExW
GetSystemDirectoryW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextFileW
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
CreateMutexW
GetModuleHandleExW
SetFilePointer
ReleaseMutex
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDriveStringsW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
MultiByteToWideChar
MapViewOfFile
WritePrivateProfileStringW
GetCurrentProcessId
GetPrivateProfileStringW
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
ReadFile
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
LocalFree
UnmapViewOfFile

user32

FindWindowW
OffsetRect
IsWindowVisible
SetWindowPos
IsWindow
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
PostMessageW
SendMessageW
CopyRect
LoadCursorW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DispatchMessageW
TranslateMessage
SystemParametersInfoW
GetClassNameW
EnumWindows
FindWindowExW
SetParent
GetParent
LoadImageW
LoadIconW
SetClassLongW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetForegroundWindow
GetForegroundWindow
KillTimer
wsprintfW
MonitorFromRect
BeginPaint
EndPaint
SetWindowRgn
EqualRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetDesktopWindow
EnumDisplaySettingsW
RegisterClassW
SetTimer
ReleaseCapture
SetFocus
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetShellWindow
ReleaseDC
GetDC
GetActiveWindow
GetWindowPlacement
ShowWindow
UnregisterClassW
PostThreadMessageW
PeekMessageW
GetMessageW
UpdateLayeredWindow

gdi32

SetBkColor
GetDeviceCaps
SetViewportOrgEx
SelectObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
ExtTextOutW
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError

advapi32

RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
MapGenericMask
GetFileSecurityW
DuplicateToken
AccessCheck
OpenProcessToken
RegSetValueExW
RegGetValueW

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
SHGetPropertyStoreForWindow
SHGetPathFromIDListW
SHCreateDirectoryExW
ord165
SHChangeNotify

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
PropVariantClear
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

StrStrIA
AssocQueryStringW
SHSetValueW
SHGetValueW
StrCmpIW
PathIsRootW
PathIsRelativeW
PathIsDirectoryW
StrTrimA
PathAppendW
StrCmpNIW
PathCombineW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

GetWebWindowFactory
GetWebWindowFactoryEx
GetWebWindowFactoryV3

Sections

.text
Size: 662KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7f5bf55fbdac81ece3b64bcba1ca1b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wintrust

crypt32

wininet

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 662KB - Virtual size: 662KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 662KB - Virtual size: 662KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 31KB