wearedevs-net[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wearedevs-net.exe
Size

19.1MB
MD5

6732e52ef0966ed07b5b504a7e0174dc
SHA1

fe7a753fddd5a00cfbd7ccaf0e3cb15a52aed7c1
SHA256

8c6fc8030efcd6684d587a8c14128a18041293c47c92c8ed0fa168c0ff1d6cb7
SHA512

977343f177e33f92807787a67845e4666cce26d22420bec74dbacc070cb59e3b4c1af3796175363c26ead0ff46d625569fbfddb9cd1c4dd028e598b8b8ee4cbb
SSDEEP

98304:Ck5F+aBT9Tdmo0tb6FAdczmg8YYWQZY9wXtl15oU+mGs0ITIECCa99bUHpLR+I8V:FTlFAdkUXLHGGQ9bUv3804

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wearedevs-net.exe

Files

wearedevs-net.exe
.exe windows:6 windows x64 arch:x64

ab0c95625d206852a7a3940ea43e0734

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wearedevs_net.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

shell32

ShellExecuteExW
DragFinish
DragQueryFileW
SHGetKnownFolderPath
CommandLineToArgvW
SHCreateItemFromParsingName
SHAppBarMessage
ShellExecuteW

kernel32

GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
VirtualQueryEx
ReadProcessMemory
GetProcessHeap
MoveFileExW
CreatePipe
WaitForSingleObject
GetModuleHandleW
HeapAlloc
AcquireSRWLockExclusive
WakeAllConditionVariable
GetTickCount64
GlobalMemoryStatusEx
SleepConditionVariableSRW
GetLogicalDrives
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
HeapFree
RtlVirtualUnwind
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
OpenProcess
InitializeSListHead
ReleaseSRWLockExclusive
LocalFree
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
LoadLibraryA
FreeLibrary
CreateMutexA
RtlUnwindEx
WaitForSingleObjectEx
GetTempPathW
RtlPcToFileHeader
CreateThread
WideCharToMultiByte
RaiseException
WriteConsoleW
GetCurrentThreadId
MultiByteToWideChar
EncodePointer
GetUserDefaultUILanguage
LCIDToLocaleName
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
LoadLibraryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
GetModuleFileNameW
IsProcessorFeaturePresent
SetThreadErrorMode
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
TlsFree
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetLastError
GetEnvironmentVariableW
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
GetModuleHandleA
Sleep
GetConsoleMode
GetFileInformationByHandle
LoadLibraryExW
TlsAlloc
FormatMessageW
TlsGetValue
TlsSetValue
CloseHandle
GetSystemInfo
GetCurrentProcess
DuplicateHandle
CreateEventW
LoadLibraryExA
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
SetHandleInformation
GetQueuedCompletionStatusEx
CreateIoCompletionPort

user32

MonitorFromPoint
EnumDisplayMonitors
CreateWindowExW
SetPropW
SystemParametersInfoA
DestroyIcon
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetWindowDisplayAffinity
ClipCursor
GetClipCursor
GetWindowTextLengthW
SetWindowLongW
EnableMenuItem
GetSystemMenu
FlashWindowEx
GetWindowTextW
SystemParametersInfoW
IsWindow
ReleaseCapture
SetCapture
SetWindowLongPtrW
RegisterRawInputDevices
IsProcessDPIAware
SetParent
MapWindowPoints
RegisterWindowMessageA
ShowWindow
GetRawInputData
EnumChildWindows
ReleaseDC
GetDC
GetWindowLongPtrW
GetParent
DispatchMessageA
RegisterClassExW
GetSystemMetrics
RegisterTouchWindow
FindWindowExW
IsWindowEnabled
SetForegroundWindow
SendInput
EnableWindow
GetKeyboardLayout
GetMenu
GetActiveWindow
AdjustWindowRectEx
IsWindowVisible
MsgWaitForMultipleObjectsEx
CreateIcon
ToUnicodeEx
GetMessageA
SetMenu
DrawMenuBar
DrawIconEx
GetMenuItemInfoW
RemoveMenu
DestroyMenu
SetWindowTextW
CreateMenu
CreatePopupMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
GetForegroundWindow
InsertMenuW
AppendMenuW
SetMenuItemInfoW
CheckMenuItem
TrackPopupMenu
PostQuitMessage
GetMenuBarInfo
OffsetRect
GetWindowDC
FillRect
DrawTextW
SetCursorPos
SetCursor
LoadCursorW
InvalidateRgn
SetWindowPos
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
ClientToScreen
DefWindowProcW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyW
IsIconic
GetClientRect
RedrawWindow
AdjustWindowRect
TranslateAcceleratorW
PostMessageW
DestroyWindow
ShowCursor
SetWindowRgn
GetWindowRect
SendMessageW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
ScreenToClient

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
CoUninitialize
CoInitializeEx
RegisterDragDrop
OleInitialize
CoTaskMemAlloc
RevokeDragDrop
CoCreateInstance

gdi32

SetTextColor
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
BitBlt
CreateSolidBrush
SetBkMode
CombineRgn
CreateRectRgn

dwmapi

DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

advapi32

LookupAccountSidW
RegQueryValueExW
CopySid
GetLengthSid
IsValidSid
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW
GetTokenInformation
RegCloseKey
OpenProcessToken

ws2_32

WSACleanup
WSAStartup
getaddrinfo
freeaddrinfo
closesocket
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
WSAGetLastError
getsockopt
shutdown
WSAIoctl
setsockopt
WSASend
send
recv

secur32

DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
DecryptMessage
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeCredentialsHandle
InitializeSecurityContextW
FreeContextBuffer
AcceptSecurityContext
ApplyControlToken
EncryptMessage

crypt32

CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext

oleaut32

VariantClear
SysAllocString
SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

ntdll

NtQueryInformationProcess
NtCreateFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtQuerySystemInformation
NtDeviceIoControlFile
RtlGetVersion
NtReadFile

psapi

GetModuleFileNameExW
GetPerformanceInfo

pdh

PdhCloseQuery
PdhOpenQueryA
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData

powrprof

CallNtPowerInformation

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses

netapi32

NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

shlwapi

SHCreateMemStream

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

wcscmp
_wcsicmp
wcsncmp
strcpy_s
wcslen
strlen

api-ms-win-crt-math-l1-1-0

round
trunc
floor
pow
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
calloc
malloc

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol
_wtoi

api-ms-win-crt-runtime-l1-1-0

__p___argv
_seh_filter_exe
abort
_set_app_type
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_exit
_initterm
_initialize_narrow_environment
exit
_cexit
__p___argc
_c_exit
_get_initial_narrow_environment
_initterm_e
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 657KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab0c95625d206852a7a3940ea43e0734

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

shell32

kernel32

user32

comctl32

ole32

gdi32

dwmapi

advapi32

ws2_32

secur32

crypt32

oleaut32

ntdll

psapi

pdh

powrprof

iphlpapi

netapi32

shlwapi

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 14KB - Virtual size: 26KB

.pdata Size: 657KB - Virtual size: 657KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 11.9MB - Virtual size: 11.9MB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 14KB - Virtual size: 26KB

.pdata
Size: 657KB - Virtual size: 657KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 65KB - Virtual size: 64KB