b173eb181a6519e387543cb96a543a0209b2e5481b8896b60f8206f9ba36db21N

Sharing

Copy URL

Twitter E-mail

General

Target

b173eb181a6519e387543cb96a543a0209b2e5481b8896b60f8206f9ba36db21N
Size

169KB
MD5

aea3a751294bda57649bf5a9c7af2dc0
SHA1

839f4a6986e5e58329e0cda97bd11a358dd1c499
SHA256

b173eb181a6519e387543cb96a543a0209b2e5481b8896b60f8206f9ba36db21
SHA512

6e04482a1ad0ced94c96cc08872501efd52b90eccb3b2736846698b2a31c41d99e4f27c2756524396cb1a732d4335b321d8a0a29da73981d5751e4b23cdc0409
SSDEEP

3072:yePzE4LS71hHsYH1OGkj4Ap3N2AQMsKHGAIkV5p2xrzyJN3PmBPwBJt+M0T:Q1qYV6RNsKj12xrzSN3sI9+M0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wiashext.dll

Files

b173eb181a6519e387543cb96a543a0209b2e5481b8896b60f8206f9ba36db21N
.cab
wiashext.dll
.dll regsvr32 windows:5 windows x86 arch:x86

96a8a8d037b0cda98de3a67ef3988200

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wiashext.pdb

Imports

msvcrt

_itow
memmove
wcschr
wcsrchr
wcsstr
qsort
wcsncmp
wcscpy
_wcsicmp
wcslen
_vsnwprintf
_except_handler3
malloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
free
wcstol
wcscmp

advapi32

RegQueryInfoKeyW
RegEnumValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
PrivilegeCheck
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

gdi32

GetTextExtentPoint32W
GetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
StretchBlt
CreateHalftonePalette
SelectPalette
RealizePalette
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
GetObjectW
SelectObject
SetBrushOrgEx
CreateCompatibleDC
CreateDIBSection
SetBkMode
ExtTextOutW

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDisposeImage

kernel32

InterlockedExchangeAdd
GetModuleFileNameW
GetWindowsDirectoryW
CreateMutexW
OpenFileMappingW
MapViewOfFile
ReleaseMutex
CreateFileMappingW
LocalAlloc
LocalFree
lstrcpynW
InterlockedDecrement
InterlockedIncrement
CloseHandle
CreateThread
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalSize
GetModuleHandleW
WideCharToMultiByte
lstrcpynA
MoveFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
ReadFile
GetFileSize
CreateFileW
GetTempPathW
GetTempFileNameW
WaitForSingleObject
FileTimeToSystemTime
CompareStringW
lstrcmpiW
LocalFileTimeToFileTime
SystemTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
ExitThread
SetEvent
InterlockedExchange
CreateEventW
Sleep
UnmapViewOfFile
GetTimeFormatW
GetDateFormatW
GetVersionExW
GetCurrentProcess
lstrlenW
FreeLibraryAndExitThread
GetLastError
WriteFile
CreateProcessW
lstrcpyW
lstrcmpW
GetSystemDirectoryW
GetLocalTime
TlsAlloc
InitializeSListHead
TlsGetValue
InterlockedFlushSList
InterlockedPushEntrySList
TlsSetValue
TlsFree
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DelayLoadFailureHook

ole32

CoCreateInstance
ReleaseStgMedium
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoTaskMemAlloc
FreePropVariantArray
PropVariantClear
CLSIDFromString
CoUninitialize
CoAllowSetForegroundWindow

oleaut32

SysAllocStringLen
VariantClear
SystemTimeToVariantTime
VariantInit
SafeArrayCreateVector
SysStringLen
SysFreeString
SysAllocString

shell32

ShellExecuteW
ord80
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ord6
ord745
ord744
ord237
SHGetSpecialFolderLocation
ord73
ord155
SHChangeNotify
SHGetDesktopFolder
ord16
ShellExecuteExW
ord152
ord18
SHGetFileInfoW
ord67
ord25
SHGetMalloc
ord153
SHGetFolderLocation
ord701
ord256
ord196

shlwapi

ord186
ord199
ord437
ord540
AssocQueryStringW
StrCatBuffW
PathFindExtensionW
StrFormatByteSizeW
StrRetToBufW
PathCompactPathExW
PathAddExtensionW
PathRemoveExtensionW
PathRemoveArgsW
wnsprintfW

user32

MessageBoxIndirectW
LoadStringW
RegisterClipboardFormatW
ReleaseDC
GetDC
DestroyMenu
GetSubMenu
LoadMenuW
LoadStringA
InsertMenuItemW
RemoveMenu
SetMenuDefaultItem
DestroyIcon
DrawIconEx
GetSystemMetrics
LoadIconW
GetDesktopWindow
wsprintfW
EnableWindow
IsWindow
PostMessageW
DestroyWindow
SetForegroundWindow
GetWindowLongW
SetCursor
LoadCursorW
SetWindowTextW
EndDialog
GetDlgItem
MessageBoxW
WinHelpW
LoadImageW
SendMessageW
CallWindowProcW
GetParent
DrawFocusRect
GetSysColor
GetWindowTextW
GetWindowTextLengthW
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
InvalidateRect
IsDlgButtonChecked
SetDlgItemTextW
DefWindowProcW
RemovePropW
GetClassInfoW
GetPropW
SetDlgItemInt
SetPropW
FindWindowExW
IsWindowVisible
ShowWindow
CheckRadioButton
GetLastActivePopup
SetWindowLongW
CreateDialogParamW
DialogBoxParamW
GetSysColorBrush
FillRect
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects

wininet

CreateUrlCacheEntryW
CommitUrlCacheEntryW

Exports

Exports

AddDeviceWasChosen
AddDeviceWasChosenA
AddDeviceWasChosenW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoDeleteAllItems
MakeFullPidlForDevice

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96a8a8d037b0cda98de3a67ef3988200

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

gdi32

gdiplus

kernel32

ole32

oleaut32

shell32

shlwapi

user32

wininet

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 399KB - Virtual size: 398KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 399KB - Virtual size: 398KB

.reloc
Size: 6KB - Virtual size: 6KB