wnpcli-3[.]0[.]0-alpha[.]1_win64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

wnpcli-3.0.0-alpha.1_win64.zip
Size

254KB
MD5

c9b3721d835ab05e4fc48f17899bcf13
SHA1

fc60f451eed750bb92d8b27b3e93388198891a95
SHA256

dc0608828c42959451213d9ce98c06c590664565706822c14aaa72da330277d8
SHA512

589a525769600c88d59d0d40a752382becab1c3000fbf9b387ee4f130eb178a8a9e90da44bb25033e95be9306ea7e1190b475ff6bc8f4e1ada848d0c39a586d0
SSDEEP

6144:XX9Ox3kArRRk7OCHs6fbU08s52dAbdaJXkqbRs9JYWEwrw:XXJAPkqJq38MOkqm99E7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wnpcli.exe

Files

wnpcli-3.0.0-alpha.1_win64.zip
.zip
CHANGELOG.md
LICENSE
README.md
VERSION
wnpcli.exe
.exe windows:6 windows x64 arch:x64

0ff3035578c30d1a1c657f5c1b2cc183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
socket
send
WSAStartup
WSACleanup
accept
bind
listen
closesocket
shutdown
setsockopt
htons
htonl
connect

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0

kernel32

SetEndOfFile
HeapSize
ReadConsoleW
ReadFile
FlushFileBuffers
GetTimeZoneInformation
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
FormatMessageW
GetSystemTimePreciseAsFileTime
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
DeleteFileW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
Sleep
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateThread
GetCurrentThreadId
ExitThread
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
LocalFree
FormatMessageA
GetLocaleInfoEx
QueryPerformanceFrequency
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockShared
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
CreateEventW
AreFileApisANSI
GetProcAddress
SetLastError
LoadLibraryExW
InitializeCriticalSectionEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
GetDateFormatW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
FreeLibrary
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
FreeLibraryAndExitThread
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
SetErrorInfo

ole32

CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ff3035578c30d1a1c657f5c1b2cc183

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

gdiplus

kernel32

oleaut32

ole32

Sections

.text Size: 438KB - Virtual size: 438KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 21KB - Virtual size: 234KB

.pdata Size: 18KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 438KB - Virtual size: 438KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 21KB - Virtual size: 234KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 4KB - Virtual size: 3KB