WTSAPI32[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WTSAPI32.dll
Size

13.2MB
MD5

cf238b40ed9bd70b3f03f7fa5b6734b9
SHA1

14ccfd52b454754825bd3774af5a84479235d672
SHA256

09cdb8748d066f1f644b8c3183a2aabcf4b49445c9cb00d99fe9074f335bcb11
SHA512

7bc50a62e6d5e82586568e32a7d2a932ddb40b4fa64cb3e342c9d9f22137b1d42a8f63d5b22fd10a139497d2cf73d3603965bfdd1a71149961fac1bad70ceb80
SSDEEP

98304:2Z+vUeP6rrtwnIfySdChL+3SUguHsiycpUtrSiO8+oY2uZeXwX4vQ9:WLeP6/twn2ySghUVlM2ScisuulZ9

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WTSAPI32.dll

Files

WTSAPI32.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

WTSCloseServer
WTSConnectSessionA
WTSConnectSessionW
WTSCreateListenerA
WTSCreateListenerW
WTSDisconnectSession
WTSEnableChildSessions
WTSEnumerateListenersA
WTSEnumerateListenersW
WTSEnumerateProcessesA
WTSEnumerateProcessesExA
WTSEnumerateProcessesExW
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateServersW
WTSEnumerateSessionsA
WTSEnumerateSessionsExA
WTSEnumerateSessionsExW
WTSEnumerateSessionsW
WTSFreeMemory
WTSFreeMemoryExA
WTSFreeMemoryExW
WTSGetChildSessionId
WTSGetListenerSecurityA
WTSGetListenerSecurityW
WTSIsChildSessionsEnabled
WTSLogoffSession
WTSOpenServerA
WTSOpenServerExA
WTSOpenServerExW
WTSOpenServerW
WTSQueryListenerConfigA
WTSQueryListenerConfigW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSRegisterSessionNotificationEx
WTSSendMessageA
WTSSendMessageW
WTSSetListenerSecurityA
WTSSetListenerSecurityW
WTSSetRenderHint
WTSSetUserConfigA
WTSSetUserConfigW
WTSShutdownSystem
WTSStartRemoteControlSessionA
WTSStartRemoteControlSessionW
WTSStopRemoteControlSession
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelOpenEx
WTSVirtualChannelPurgeInput
WTSVirtualChannelPurgeOutput
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSWaitSystemEvent

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 23KB - Virtual size: 62KB

.pdata Size: 201KB - Virtual size: 200KB

.idata Size: 21KB - Virtual size: 21KB

.tls Size: 7KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 56KB - Virtual size: 55KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 7KB - Virtual size: 8KB

.themida Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 23KB - Virtual size: 62KB

.pdata
Size: 201KB - Virtual size: 200KB

.idata
Size: 21KB - Virtual size: 21KB

.tls
Size: 7KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 56KB - Virtual size: 55KB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 7KB - Virtual size: 8KB

.themida
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 16B - Virtual size: 4KB