dd00911034c9e65bd3e776e3b833999d9c8a03b9ce123d55f3b578d648757eb8N

Sharing

Copy URL

Twitter E-mail

General

Target

dd00911034c9e65bd3e776e3b833999d9c8a03b9ce123d55f3b578d648757eb8N
Size

52KB
MD5

9a4480f8f0325f55cdb10ac4c80f0f70
SHA1

1d3bf6651d6abbc9714d2d4073921667611d6b9a
SHA256

dd00911034c9e65bd3e776e3b833999d9c8a03b9ce123d55f3b578d648757eb8
SHA512

74d8a74af681e0cadf24f733b15945cefea1f4c98e1a4c1eb36851ea034d437a6c12fccdc6110c3218dadae31cb242303592c2c80e87e75c5d73d828a886d2d2
SSDEEP

768:x3wo/bTdSjtgMJl0P5RpXJT0Yb23AUWKwBgmbgMLuSPpiGgqSOBtcrT7Pqzv6rGS:x3HSplwdeYbmabLukRI86rT7Ojw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wizchain.dll

Files

dd00911034c9e65bd3e776e3b833999d9c8a03b9ce123d55f3b578d648757eb8N
.cab
wizchain.dll
.dll regsvr32 windows:5 windows x86 arch:x86

02d2b1658cf668095b6ece8ff956b361

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WizChain.pdb

Imports

msvcrt

wcscat
wcscpy
??2@YAPAXI@Z
wcslen
wcsncpy
free
malloc
_wcsdup
memmove
_except_handler3
__CxxFrameHandler
_wcsicmp
wcsstr
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_purecall
realloc
??3@YAXPAX@Z

msvcp60

??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
FlushInstructionCache
GetCurrentProcess
CloseHandle
LocalFree
CreateFileW
LocalAlloc
GetCurrentThread
DeleteFileW
GetTempFileNameW
GetTempPathW
GetLastError
SetLastError
LockResource
LoadResource
FindResourceW
IsBadStringPtrW
LoadLibraryW
lstrlenW
InterlockedDecrement
GetModuleFileNameW
OutputDebugStringA
GlobalAlloc
InterlockedIncrement
GetSystemDirectoryW
GlobalFree
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
HeapDestroy
lstrcpynW
DisableThreadLibraryCalls
GlobalUnlock
GlobalLock
LoadLibraryExW
lstrcatW
lstrlenA
SizeofResource
lstrcmpW
GetCurrentThreadId
RaiseException
CreateEventW
WaitForSingleObject
MulDiv
CreateThread
SetEvent
InterlockedExchangeAdd
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
LoadLibraryA
WriteFile

user32

SetPropW
ReleaseDC
GetDC
DefWindowProcW
PtInRect
DrawFocusRect
HideCaret
SystemParametersInfoW
LoadImageW
CharNextW
RegisterClassExW
GetClassInfoExW
GetWindow
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
RegisterWindowMessageW
CharPrevW
GetSysColor
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SetFocus
GetPropW
EndPaint
FillRect
BeginPaint
RedrawWindow
GetClassNameW
CreateAcceleratorTableW
wsprintfW
EndDialog
ScreenToClient
UpdateWindow
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SendDlgItemMessageW
DialogBoxParamW
GetSystemMetrics
DrawTextW
EnableWindow
IsWindowEnabled
SetDlgItemTextW
SetWindowPos
LoadStringW
CallWindowProcW
MessageBoxW
GetFocus
GetDlgCtrlID
ShowScrollBar
GetScrollInfo
GetParent
GetWindowRect
MoveWindow
GetDlgItem
GetClientRect
MapWindowPoints
SetWindowTextW
PostMessageW
IsWindow
SendMessageW
GetDesktopWindow
DestroyWindow
CreateDialogIndirectParamW
CreateWindowExW
GetWindowLongW
IsChild
SetWindowLongW

gdi32

SelectObject
SelectPalette
RealizePalette
GetDeviceCaps
GetObjectType
GetObjectW
CreateCompatibleDC
GetTextMetricsW
GetStockObject
DeleteDC
BitBlt
CreateSolidBrush
SetTextColor
CreateCompatibleBitmap
CreateFontIndirectW
DeleteObject

advapi32

RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW

ole32

OleLockRunning
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
StringFromGUID2
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

shell32

ShellExecuteW
SHCreateDirectoryExW

oleaut32

SysStringLen
SysAllocStringLen
VariantCopy
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
OleLoadPicturePath
LoadRegTypeLi
SysAllocString

rpcrt4

UuidFromStringW

shlwapi

PathRemoveFileSpecW
PathRenameExtensionW
PathIsRootW
PathAppendW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02d2b1658cf668095b6ece8ff956b361

Headers

File Characteristics

PDB Paths

Imports

msvcrt

msvcp60

kernel32

user32

gdi32

advapi32

ole32

shell32

oleaut32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 88KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 6KB - Virtual size: 6KB