winws[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winws.exe
Size

234KB
MD5

8c624e64742bc19447d52f61edec52db
SHA1

1e700e2dd61b5d566a651433dc86bd95a6d54449
SHA256

13fd7a9c6f7c98239a61a212f69211a0f19159b2e8cdae8b1efc57d35cdcd5ad
SHA512

f676f7aa863fd13494186d4be597c19e49dc8245f6a98a2e9e2f1d09aa9e4cbf7a87c552e49359347b24b46cd1eddfb6edcfcbd6f4ff4d24888831ff182c952a
SSDEEP

3072:v8eKEoQ4poZkFUIIggeAtqCijmtvzb20QTE7Eh2mS89QB+5Us6V:vtp5GoZ7+VAtqw7S0R7E9Ou8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winws.exe

Files

winws.exe
.exe windows:4 windows x64 arch:x64

255c40683a25f28abd8a51314c080715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

cygwin1

__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
__stack_chk_fail
__stack_chk_guard
_dll_crt0
_impure_ptr
atoi
calloc
chdir
close
cygwin_detach_dll
cygwin_internal
dirname
dll_dllcrt0
dup
exit
fclose
fflush
fgets
fopen
fork
fprintf
fputc
fread
free
fseek
fwrite
getopt_long_only
getpid
getsockopt
inet_ntop
inet_pton
localtime_r
malloc
memcmp
memcpy
memmem
memmove
memset
open
openlog
optarg
posix_memalign
printf
putchar
puts
random
realloc
setsid
setsockopt
signal
snprintf
srandom
sscanf
stat
strcasecmp
strchr
strcmp
strdup
strerror
strlen
strncasecmp
strncat
strncpy
syslog
time
tolower
toupper
usleep
vfprintf
vsnprintf

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CancelIoEx
CloseHandle
CreateEventW
CreateMutexA
FormatMessageA
GetLastError
GetModuleHandleA
GetOverlappedResult
GetTickCount
LocalFree
ReleaseMutex
SetLastError
WaitForSingleObject
WideCharToMultiByte

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString

wlanapi

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanOpenHandle
WlanQueryInterface

windivert

WinDivertClose
WinDivertOpen
WinDivertRecvEx
WinDivertSend

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

255c40683a25f28abd8a51314c080715

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygwin1

advapi32

kernel32

ole32

oleaut32

wlanapi

windivert

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 85KB - Virtual size: 84KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 85KB - Virtual size: 84KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 268B