5a41d543cb0977ef823719ed2b138f4fadea02cfb199ef8bb79ed962dbca7ca3

Sharing

Copy URL Twitter E-mail

General

Target

5a41d543cb0977ef823719ed2b138f4fadea02cfb199ef8bb79ed962dbca7ca3
Size

727KB
MD5

2b051693bd211eddd6866ddb843d0ff8
SHA1

7e39928b7f76dac87ee1885a9b50cb2eb8d3e7c8
SHA256

5a41d543cb0977ef823719ed2b138f4fadea02cfb199ef8bb79ed962dbca7ca3
SHA512

ccd6686f2991173bbc6107875acb252acc4401cf82888c30c6e1bf53834f8bd94546e2a876d15483a04344f809a39c5b74a235b8b651fdb85204c0ca82ef37ce
SSDEEP

12288:zw/87xyNGEtzYd1gyAkDPcZUpnfgpFyG73ozpvNjUk63E+xtk4I1f8:y9zYdKdkCqYpF973IpvNjhZ+Y4Ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a41d543cb0977ef823719ed2b138f4fadea02cfb199ef8bb79ed962dbca7ca3

Files

5a41d543cb0977ef823719ed2b138f4fadea02cfb199ef8bb79ed962dbca7ca3
.dll windows:6 windows x86 arch:x86

37242f2b5797e53a46576a9faf397cc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\code\clean_master\webwrap\webwrap\Release\webwrap.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
CopyFileW
MoveFileW
Sleep
CreateThread
GetTickCount
CreateFileW
FlushFileBuffers
WriteFile
RaiseException
WaitForSingleObject
OpenProcess
lstrlenW
DecodePointer
EnumSystemLocalesW
SetFilePointer
SetFileTime
SetFileAttributesW
GetModuleHandleW
GetUserDefaultLCID
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
lstrcmpA
IsValidLocale
DeviceIoControl
FreeResource
GetVersionExW
GetSystemWindowsDirectoryW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
SetStdHandle
FindFirstFileExW
ReadConsoleW
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
EncodePointer
GetCPInfo
FormatMessageW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
GetLocaleInfoW
LocalFree
GetCurrentProcessId
GetCurrentThreadId
ReleaseMutex
CreateMutexW
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
GetTempPathW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLogicalDriveStringsW
GetLongPathNameW
QueryDosDeviceW
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileSize
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
GetFileType
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
SetEndOfFile

user32

CreateWindowExW
SetWindowTextW
GetMonitorInfoW
RegisterClassW
DefWindowProcW
ShowWindow
GetWindowPlacement
GetSystemMetrics
SendMessageW
GetActiveWindow
PeekMessageW
GetDC
IsWindow
IsWindowVisible
GetWindowThreadProcessId
PostMessageW
SystemParametersInfoW
EnumDisplaySettingsW
GetDesktopWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
MonitorFromWindow
PostThreadMessageW
FindWindowW
MonitorFromRect
GetMessageW
GetShellWindow
ReleaseDC

gdi32

GetDeviceCaps

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

DuplicateTokenEx
OpenProcessToken
AccessCheck
DuplicateToken
GetFileSecurityW
MapGenericMask
RegCloseKey
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
LookupPrivilegeValueW
GetTokenInformation
RegEnumKeyExW
AdjustTokenPrivileges
RegQueryValueExW

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
ord165
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
SHChangeNotify

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathCombineW
PathAppendW
StrStrIA
StrTrimA
StrCmpNIW
AssocQueryStringW
SHSetValueW
SHGetValueW
PathIsRootW
PathIsRelativeW
PathIsDirectoryW
StrStrIW
StrCmpIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37242f2b5797e53a46576a9faf397cc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wintrust

crypt32

wininet

iphlpapi

urlmon

Sections

.text Size: 562KB - Virtual size: 562KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 14KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 562KB - Virtual size: 562KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 14KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB