21969b5c38a5646a61a31ac0a4f9c4d162acc423bb17a6b297400f6cbe74ab29N

Sharing

Copy URL Twitter E-mail

General

Target

21969b5c38a5646a61a31ac0a4f9c4d162acc423bb17a6b297400f6cbe74ab29N
Size

12KB
MD5

8c7bf63e08cb2c24d3187035db13a570
SHA1

f260661737c29ddd5aa4d25b2c3fcb62495b9319
SHA256

21969b5c38a5646a61a31ac0a4f9c4d162acc423bb17a6b297400f6cbe74ab29
SHA512

2128c6f4ab2b28f26c57f62ebd8bccac1e6ade12194ead3919a6477170b034455238687a69df8febc9d74246530152be1015be7e328a1d2b02c99aaae0872251
SSDEEP

384:ouTQYnOHrZcCs4BFHOPjIy4Q4dP1tNNAK1I9JD:oukYOHiC8IbQCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wlstore.dll

Files

21969b5c38a5646a61a31ac0a4f9c4d162acc423bb17a6b297400f6cbe74ab29N
.cab
wlstore.dll
.dll regsvr32 windows:5 windows x86 arch:x86

397c017e3cef1eef29121d3eaf61b2a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wlstore.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
wcslen
_itow
wcscat
wcsncpy
wcsstr
wcscpy
wcsncat
free
_wtol
malloc

kernel32

TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
LocalFree
GetLastError
DisableThreadLibraryCalls
lstrlenW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
Sleep

rpcrt4

UuidToStringW
RpcStringFreeW

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayPutElement
SafeArrayGetElement
VariantClear
SysFreeString
SysAllocString
VariantInit
SafeArrayGetUBound
SafeArrayCreate

netapi32

NetApiBufferFree
DsGetDcNameW

wldap32

ord142
ord77
ord140
ord27
ord26
ord97
ord16
ord208
ord73
ord41
ord36
ord224
ord79
ord69
ord157
ord113
ord165
ord13
ord88
ord14
ord145
ord210

ole32

CoCreateInstance

Exports

Exports

DllRegisterServer
DllUnregisterServer
UpdateWirelessPSData
WirelessAddPSToPolicy
WirelessAllocPolMem
WirelessAllocPolStr
WirelessClearWMIStore
WirelessClosePolicyStore
WirelessCopyPolicyData
WirelessCreatePolicyData
WirelessDeletePolicyData
WirelessEnumPolicyData
WirelessFreeMulPolicyData
WirelessFreePolMem
WirelessFreePolStr
WirelessFreePolicyData
WirelessGPOOpenPolicyStore
WirelessPolicyPSId
WirelessReallocatePolMem
WirelessReallocatePolStr
WirelessRemovePSFromPolicy
WirelessRemovePSFromPolicyId
WirelessSetPSDataInPolicy
WirelessSetPolicyData
WirelessWriteDirectoryPolicyToWMI

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

397c017e3cef1eef29121d3eaf61b2a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

rpcrt4

oleaut32

netapi32

wldap32

ole32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 876B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 876B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1KB - Virtual size: 1KB