cd0eb71ea78d37160ed03bc6d32837de0b6689ec120f584d924852d66bb30a73

Sharing

Copy URL Twitter E-mail

General

Target

cd0eb71ea78d37160ed03bc6d32837de0b6689ec120f584d924852d66bb30a73
Size

807KB
MD5

e5f2574c11b2d5d2a66c52111798c9a8
SHA1

59f92cb9e34f86dc9eb03cfd699d95ff8b359fae
SHA256

cd0eb71ea78d37160ed03bc6d32837de0b6689ec120f584d924852d66bb30a73
SHA512

a7c655dd40694e48d06755b447ce5da83430e6648501d5c1b6b14d9dafe788f5e3664d1c970c3b11c401caa23d4ba2684bbfe7bd2e3bd5b474ef799eccfb987e
SSDEEP

24576:rrkRxCN0bHQtTY+s6joHt9D5PqK8Nep9cx7:2E0bn4oHt9D5iK8NQcx7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd0eb71ea78d37160ed03bc6d32837de0b6689ec120f584d924852d66bb30a73

Files

cd0eb71ea78d37160ed03bc6d32837de0b6689ec120f584d924852d66bb30a73
.dll windows:6 windows x86 arch:x86

6ab3599a35c1c355b5f3089925903f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\code\clean_master\1\webwrap\webwrap\Release\webwrap.pdb

Imports

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup

kernel32

CreateFileW
FlushFileBuffers
WriteFile
WaitForSingleObject
OpenProcess
lstrlenW
GetCurrentThreadId
LoadLibraryExW
lstrcmpW
SetLastError
SetEvent
CreateEventW
WaitForMultipleObjects
SetFileTime
RaiseException
DecodePointer
GetTickCount
CreateThread
Sleep
WideCharToMultiByte
MultiByteToWideChar
MoveFileW
CopyFileW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetSystemDirectoryW
DeviceIoControl
FreeResource
GetVersionExW
GetSystemWindowsDirectoryW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextFileW
ExitThread
InterlockedFlushSList
RtlUnwind
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
SetFilePointer
K32GetModuleFileNameExW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDriveStringsW
WritePrivateProfileStringW
GetPrivateProfileStringW
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
lstrcmpA
GlobalLock
GlobalAlloc
GetTempPathW
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
CreateMutexW
ReleaseMutex
GetCurrentProcessId
LocalFree
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
GetCPInfo
FormatMessageW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW

user32

IsWindow
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
SetWindowPos
LoadCursorW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DispatchMessageW
TranslateMessage
SystemParametersInfoW
GetClassNameW
EnumWindows
FindWindowExW
SetParent
GetParent
LoadImageW
LoadIconW
PostMessageW
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetForegroundWindow
GetForegroundWindow
KillTimer
SetTimer
ReleaseCapture
SetFocus
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
wsprintfW
UpdateLayeredWindow
BeginPaint
EndPaint
SetWindowRgn
EqualRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetDesktopWindow
EnumDisplaySettingsW
RegisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetShellWindow
ReleaseDC
GetDC
GetActiveWindow
GetWindowPlacement
ShowWindow
UnregisterClassW
PostThreadMessageW
PeekMessageW
GetMessageW
MonitorFromRect
FindWindowW
OffsetRect
CopyRect
SendMessageW
SetClassLongW
IsWindowVisible

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
CombineRgn
BitBlt
DeleteDC
GetDeviceCaps
SetBkColor
CreateRectRgn
ExtTextOutW

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
MapGenericMask
GetFileSecurityW
DuplicateToken
AccessCheck
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHGetPropertyStoreForWindow
SHChangeNotify
ord165
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

shlwapi

PathIsDirectoryW
StrStrIW
PathIsRootW
StrStrIA
StrTrimA
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
PathAppendW
SHGetValueW
SHSetValueW
AssocQueryStringW
StrCmpNIW
PathIsRelativeW
StrCmpIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

iphlpapi

GetAdaptersInfo

Exports

Exports

GetWebWindowFactory
GetWebWindowFactoryEx
GetWebWindowFactoryV3

Sections

.text
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ab3599a35c1c355b5f3089925903f4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wintrust

crypt32

iphlpapi

Exports

Exports

Sections

.text Size: 622KB - Virtual size: 621KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 622KB - Virtual size: 621KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 29KB - Virtual size: 29KB