nanocore | wxipp[.]exe | Triage

Sharing

General

Target

wxipp.exe
Size

182KB
MD5

7d8f1fc0c5e1d7ca23385a823024c959
SHA1

fb50e723d2cfe73c7ec55ee24cd5d1dffa2a5245
SHA256

b89a70f1b581bb4807cb6a7c40146f0b28e2f1469c83bd019c1a37819da85a79
SHA512

5e060910f9df45be168b1c6a6423f029ed360667d270aab317efc00cd3ef60e9bfd09c572b15b1ebd3d40b1b01a36e3fdb925713c0a006e76e08360f0cbc2b29
SSDEEP

3072:M9ocHuUrOkFV1qGjTHfVMMQfrwHn0/Mp+Z3zDBmLjqZ9NRbqzJxlNszz1:MKcHuydHNMbfrwH0/dZRmLjqZ9NRbqF0

Score

10^/10

Malware Config

Signatures

Nanocore family
nanocore
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

wxipp.exe

Files

wxipp.exe
.exe windows:4 windows x86 arch:x86

Password: infectedsir

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ