5cc86434da40d334c6001138e8e56eb04d08030ef2864afe0ce59fd17e4ffd4f

Sharing

Copy URL

Twitter E-mail

General

Target

5cc86434da40d334c6001138e8e56eb04d08030ef2864afe0ce59fd17e4ffd4f
Size

485KB
MD5

d1c768035765043769c52454e81e13b0
SHA1

682172bcb20654a8fcbfebaf69a810cff73a844b
SHA256

5cc86434da40d334c6001138e8e56eb04d08030ef2864afe0ce59fd17e4ffd4f
SHA512

64b20c6f5f0eab47ed9960f1253d0f8fca2e8e1d9a1838ad37712a980d0b213f34f0c0d382cfb9e7248e949c77b7264f9ebe21172083c5d3629fb9057f79a0ea
SSDEEP

12288:VCsxHlRclEfd6FjFBK1lmDPcYGi4EVi2f0Ckeo6P:Vztcl7DEYGiy2eF6P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cc86434da40d334c6001138e8e56eb04d08030ef2864afe0ce59fd17e4ffd4f

Files

5cc86434da40d334c6001138e8e56eb04d08030ef2864afe0ce59fd17e4ffd4f
.exe windows:6 windows x86 arch:x86

bc7b2ec4ae602ff608b31f81c0b282ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\actions-runner\_work\WFBSS_AGENT_WIN\WFBSS_AGENT_WIN\main\output\debug_symbol\release\WillExecutor.pdb

Imports

kernel32

Process32FirstW
WaitForSingleObjectEx
FileTimeToSystemTime
SetEvent
Process32NextW
GetLastError
LoadLibraryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
GetCurrentProcessId
CloseHandle
InitOnceExecuteOnce
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
GetModuleHandleW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
InterlockedPushEntrySList
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateEventW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
FreeLibrary
EnumSystemLocalesW
GetFileType
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
HeapSize
SetEndOfFile
ReadFile
ReadConsoleW
WriteConsoleW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetNamedPipeHandleState
WaitNamedPipeW
CreateToolhelp32Snapshot
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
FindClose
CreateMutexW
GetTempPathW
WaitForMultipleObjects
GetModuleFileNameW
CopyFileW
WideCharToMultiByte
GetTempFileNameW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetProcessHeap
GetLocalTime
GetVersionExA
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LocalFree
lstrlenA
GetUserDefaultLCID
MultiByteToWideChar
FindNextFileW
FindFirstFileW
QueryPerformanceFrequency
CreateDirectoryW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptImportKey
CryptGetHashParam
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
StartServiceW
RegDeleteValueW
OpenServiceW
RegQueryValueExW

shell32

SHGetFolderPathW

shlwapi

PathRemoveFileSpecW
PathCanonicalizeW
PathAppendW
PathRemoveBackslashW
PathFileExistsW

crypt32

CryptUnprotectData

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc7b2ec4ae602ff608b31f81c0b282ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

shlwapi

crypt32

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 24KB - Virtual size: 24KB