76d077e9ca79f34564170a4700a718b30879c0b67087c60b9d067c8ec8aea846N

Sharing

Copy URL

Twitter E-mail

General

Target

76d077e9ca79f34564170a4700a718b30879c0b67087c60b9d067c8ec8aea846N
Size

2.1MB
MD5

7466402b1e8b94a6ed256ad339945f30
SHA1

2a93b0bc332d7a01b33398b983b66b24a854fb72
SHA256

76d077e9ca79f34564170a4700a718b30879c0b67087c60b9d067c8ec8aea846
SHA512

c6d42eba7a0a4c85e27b9dcf547c87a20deac3df0bf8af3b8314d39ec484f32dbc0e28521a03e5db7667f4332d38555523f6122e14578b41f83dca7aacfc1991
SSDEEP

49152:0WcnPqQUGpuphwC0DNLDpaRFXrLuWGMKpblat2r4PRSEk1ul:e0zuNIJt2sEE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76d077e9ca79f34564170a4700a718b30879c0b67087c60b9d067c8ec8aea846N

Files

76d077e9ca79f34564170a4700a718b30879c0b67087c60b9d067c8ec8aea846N
.exe windows:10 windows x64 arch:x64

51cd629d057488a5b0a2c6dc8012308b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wbengine.pdb

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
TraceMessage
DuplicateTokenEx
RegQueryValueExW
GetUserNameW
EventSetInformation
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegEnumValueW
LookupAccountNameW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
InitiateShutdownW
RegGetValueW
TraceEvent
RegUnLoadKeyW
RegLoadKeyW
EventWriteTransfer
TreeSetNamedSecurityInfoW
CheckTokenMembership
LsaNtStatusToWinError
GetSecurityDescriptorLength
EventWrite
EventEnabled
SetThreadToken
OpenThreadToken
EnableTrace
StartTraceW
ControlTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
SetFileSecurityW
LsaFreeMemory
EqualSid
GetWindowsAccountDomainSid
LogonUserExExW
ImpersonateLoggedOnUser
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
QueryServiceStatus
EnumDependentServicesW

kernel32

GetTickCount
RemoveDirectoryW
HeapSetInformation
CreateWaitableTimerW
WaitForSingleObjectEx
GetCurrentThreadId
GetCommandLineW
CopyFileW
DeviceIoControl
GetDriveTypeW
GetSystemWindowsDirectoryW
CreateThread
GetFullPathNameW
TlsGetValue
OutputDebugStringW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
SetErrorMode
CancelIoEx
GetFileAttributesExW
DeleteVolumeMountPointW
QueryDosDeviceW
SetVolumeMountPointW
SetWaitableTimer
GetLogicalDrives
GetFileSize
GetLongPathNameW
SetFileValidData
SetFilePointerEx
SetEndOfFile
RtlCompareMemory
SleepEx
GetOverlappedResult
GetCurrentThread
SetFilePointer
CancelIo
GetVolumeInformationW
CompareStringOrdinal
CopyFileExW
GetLocalTime
FormatMessageW
GetSystemDirectoryW
LocalAlloc
SetLastError
GetWindowsDirectoryW
GetUserGeoID
GetSystemInfo
GetComputerNameExW
GetVersionExW
GetTempPathW
GetProductInfo
ExpandEnvironmentStringsW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
CreateDirectoryW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
SetThreadExecutionState
FileTimeToLocalFileTime
Sleep
SetVolumeLabelW
FileTimeToSystemTime
CompareFileTime
FindClose
MoveFileW
ReadFile
MoveFileExW
FlushFileBuffers
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
GetFileSizeEx
CreateFileW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GetVolumePathNameW
HeapSize
HeapReAlloc
HeapFree

user32

CharUpperBuffW
CharNextW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
UnregisterClassA

msvcrt

swscanf_s
wcsncmp
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
memcpy
_vsnprintf
wcsstr
wcsrchr
wcscspn
towlower
_wgetenv
_wtol
wcscpy_s
_wcstoi64
wcstok_s
_wcsicmp
_vsnwprintf
memmove_s
memmove
calloc
_wcsnicmp
_exit
_cexit
wcscmp
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_errno
?terminate@@YAXXZ
realloc
wcscat_s
_scwprintf
wcschr
wcstoul
_callnewh
_resetstkoflw
_wtoi
_lock
_unlock
__dllonexit
memset
_onexit
??1type_info@@UEAA@XZ
wcsncpy_s
malloc
free
_purecall
memcpy_s
__C_specific_handler
__CxxFrameHandler3
memcmp
??_V@YAXPEAX@Z
_CxxThrowException
exit

ntdll

NtQueryValueKey
NtOpenKey
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlCreateSystemVolumeInformationFolder
WinSqmAddToStreamEx
RtlFreeUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
RtlFindNextForwardRunClear
RtlClearBits
RtlAreBitsSet
RtlAreBitsClear
EtwTraceMessage
RtlNumberOfClearBits
RtlSetAllBits
NtQueryVolumeInformationFile
NtClose
RtlFormatCurrentUserKeyPath
NtSetInformationKey
NtQueryKey
NtQuerySystemInformation
NtQueryInformationFile
RtlGetLastNtStatus
RtlSetBit
RtlNtStatusToDosError
WinSqmAddToStream
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CreateClassMoniker
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoDisconnectObject
GetRunningObjectTable

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantCopy
SysAllocString
VarBstrCmp
RegisterTypeLi
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VariantInit
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VarBstrCat

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW

vssapi

CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal
VssFreeSnapshotPropertiesInternal

virtdisk

CreateVirtualDisk
DetachVirtualDisk
SetVirtualDiskInformation
GetVirtualDiskPhysicalPath
OpenVirtualDisk
GetStorageDependencyInformation
AttachVirtualDisk
GetVirtualDiskInformation
GetVirtualDiskOperationProgress
CompactVirtualDisk

bcd

BcdCloseStore
BcdImportStoreWithFlags
BcdForciblyUnloadStore
BcdSetSystemStoreDevice
BcdOpenSystemStore

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupGetInfDriverStoreLocationW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupEnumPublishedInfW
SetupDiGetDeviceRegistryPropertyW

spp

SppFreeBadWritersArray

netapi32

NetShareAdd
NetShareDel
NetShareGetInfo
NetApiBufferFree

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlReader

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty

clusapi

GetNodeClusterState

wer

WerReportSubmit
WerReportCreate
WerReportSetParameter
WerReportCloseHandle
WerReportAddFile

Exports

Exports

??0CTraceFailureHelper@@QEAA@AEAVCTraceProvider@@JPEBGKPEBX@Z
??0CTraceFunction@@QEAA@AEAVCTraceProvider@@PEBGH1PEBX@Z
??0CTraceHelper@@QEAA@AEAVCTraceProvider@@PEBGKPEBX@Z
??0CTraceProvider@@QEAA@W4COMPONENT_CODE@@@Z
??1CTraceFunction@@QEAA@XZ
??1CTraceProvider@@QEAA@XZ
??4CTraceProvider@@QEAAAEAV0@AEBV0@@Z
?EtwEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?EtwTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?OdsEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?OdsTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SA?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QEAAX_N_KK@Z
?Trace@CTraceProvider@@QEAAXW4TRACE_FLAG@@PEBGKPEBX1PEAD@Z
?TraceMessage@CTraceFailureHelper@@QEAAXPEBGZZ
?TraceMessage@CTraceHelper@@QEAAXW4TRACE_FLAG@@PEBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PEAU_iobuf@@EA
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51cd629d057488a5b0a2c6dc8012308b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

rpcrt4

vssapi

virtdisk

bcd

setupapi

spp

netapi32

xmllite

bcrypt

clusapi

wer

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB