WUDFHost.exe

First submission 2023-09-11 11:51:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	219.5 KB (224768 bytes)
Compile time:	2022-10-16 00:26:51
MD5:	43d6aa62427fda7e63d503d069c22f63
SHA1:	2cae45a0d2723b7cb3b9a9eb89f26bfe3776c034
SHA256:	74de565481e06f4dc68654c450bac83eb32a4c19dc28e9e3a47fb117c7887e60
Import Hash :	f815858bb8146375fb6d659cf6f7de7c
Sections 4	.text .data .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	38/70 VT report date: 2023-09-11 09:41:01

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://103.250.79.174/220/WUDFHost.exe	103.250.79.174	2023-09-11 11:51:04

PE Sections 2 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x21368	136192	8690318bdc4826cbfa54f2e026821d40300be71d	f4db1966c458b2526cd82dc5bf3b9f91
.data	0x23000	0x201df04	10752	375f331ba2a1d21dfeaeedaa2273c072c572d348	313a60394749f1fc3c0513bbd85031c0
.rsrc	0x2041000	0xaca0	44544	f7805f339b0700343ef943c63b6a23cc19be8f1a	9407ed2a82d907f456faa11aa80d3d76
.reloc	0x204c000	0x7cbc	32256	15b0fee564da7eaabbe9241c656cc7389f3a38ab	5a42ae6039bdbd1a3f9c8281d9deed26

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x204a568	176
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x2049f68	1128	PE Resource: RT_ICON - Data ( }~}\|~~z}\|{\|~}\|~\|~~\|zy}~y~~{}\|~z{{}}}z}~\|{{~}~z\|}~z\|{\|~~\|}\|~\|}z\|zy~~}~~~}\|~z\|{~{}}\|{~{z{~}~~\|z{~~}}~{{~z~\|~{{~{\|~~~\|\|~~~~{{\|{}~~{~\|{\|\|\|\|\|{\|\|\|}~}z{\|z~\|{}\|{\|~~~~~{\|{y\|{{{~~}\|zz{z\|\|~}{\|{\|\|\|}~z\|\|}{{{\|~~\|{\|~\|}}~z{\|}{z\|}z~z~{~{\|z\|\|\|\|}{\|\|~~~~}}~}}~}\|{}{y\|z\|\|yy\|{\|}y}\|}{z\|~}{{~}zz~~~{{\|z}{}\|~}}}}}~y{~z\|\|{}{{~~\|~}~~}\|~z}}~y\|}}z~~}{~}z{}\|}}\|}~{~y~\|~{~~{}}}~\|z~~~{}z~}}}~~}\|~\|\|{}\|~{{~{AAAAAAAAAAAAAAAA
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x204b7d0	1230	PE Resource: RT_STRING - Data Hidiyi!Dorayegahin wuvoxerot nun fotozen2Dunakevuc rojime vapokiduta vulorineyuzewaw gupobu Gah wofejcSazotararuzalut vodaya bexuro lojelicemoc wurosiboz gikuki lirebo gariduyufah xayedopimuwe gudelawiHNajidabo poyedificazoy kupuy zeguzicovud soneg soyaxikuzavet junoyuyoriy3Vixaruwa mowohutoy kegoran rohigokapumi hazezopukohRNutix jegat didirocekujuwub xay gonecor gum vimuyolax yepibimezam fepovohidiz vutoFunafuli naxixuyerenecozVVuyisucogozan kojixidoripujah cedaduzo yod hedepujos cohepoyuvopewan xiga pad lofohetaJimTKenixikewavub locobekogeh sukagunimuwic kutevu vigak sugi xaci xewejikote wipuvu sog
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x204a618	34
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x2044568	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x204a640	620	PE Resource: RT_VERSION - Data l4VS_VERSION_INFO.aStringFileInfo042231F2: FileDescriptionSilvupleZLegalCopyrightCopyright (C) 2022, Uniqum@OriginalFilenamepetshop.exe>ProductsVersion9.50.11.692 ProductNameJunfsiolDProductionVersion82.67.62.16DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	Copyright (C) 2022, Uniqum
ProductionVersion:	82.67.62.16
FileDescription:	Silvuple
Translation:	0x05bf 0x0ad4
ProductsVersion:	9.50.11.69
OriginalFilename:	petshop.exe
ProductName:	Junfsiol

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
MSIMG32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

82.67.62.16
9.50.11.69

Import functions

KERNEL32.dll 95 GDI32.dll 1 USER32.dll 7

Function	Address	Souspicious	Anti Debug
CreateFileA	0x401008
SetThreadContext	0x40100c
FindFirstChangeNotificationW	0x401010
PeekNamedPipe	0x401014
SetEndOfFile	0x401018
FreeEnvironmentStringsA	0x40101c
GetTickCount	0x401020
GetConsoleAliasesLengthA	0x401024
GetDateFormatA	0x401028
ReadConsoleInputA	0x40102c
SizeofResource	0x401030
GetFileAttributesW	0x401034
FileTimeToSystemTime	0x401038
GlobalUnlock	0x40103c
GetShortPathNameA	0x401040
FindFirstFileA	0x401044
GetLogicalDriveStringsA	0x401048
GetLastError	0x40104c
SetLastError	0x401050
GetProcAddress	0x401054
GetTempFileNameW	0x401058
BackupWrite	0x40105c
LoadLibraryA	0x401060
CreateHardLinkW	0x401064
SetConsoleCtrlHandler	0x401068
SetFileApisToANSI	0x40106c
BeginUpdateResourceA	0x401070
OpenJobObjectW	0x401074
FoldStringA	0x401078
GetModuleHandleA	0x40107c
SetCalendarInfoA	0x401080
FindFirstVolumeW	0x401084
ReadConsoleOutputCharacterW	0x401088
WriteConsoleW	0x40108c
GetConsoleOutputCP	0x401090
WriteConsoleA	0x401094
CloseHandle	0x401098
VirtualAlloc	0x40109c
HeapFree	0x4010a0
TerminateProcess	0x4010a4
GetCurrentProcess	0x4010a8
UnhandledExceptionFilter	0x4010ac
SetUnhandledExceptionFilter	0x4010b0
IsDebuggerPresent	0x4010b4
GetStartupInfoW	0x4010b8
HeapAlloc	0x4010bc
HeapCreate	0x4010c0
VirtualFree	0x4010c4
DeleteCriticalSection	0x4010c8
LeaveCriticalSection	0x4010cc
EnterCriticalSection	0x4010d0
HeapReAlloc	0x4010d4
GetModuleHandleW	0x4010d8
TlsGetValue	0x4010dc
TlsAlloc	0x4010e0
TlsSetValue	0x4010e4
TlsFree	0x4010e8
InterlockedIncrement	0x4010ec
GetCurrentThreadId	0x4010f0
InterlockedDecrement	0x4010f4
SetHandleCount	0x4010f8
GetStdHandle	0x4010fc
GetFileType	0x401100
GetStartupInfoA	0x401104
SetFilePointer	0x401108
RaiseException	0x40110c
Sleep	0x401110
ExitProcess	0x401114
WriteFile	0x401118
GetModuleFileNameA	0x40111c
GetModuleFileNameW	0x401120
FreeEnvironmentStringsW	0x401124
GetEnvironmentStringsW	0x401128
GetCommandLineW	0x40112c
QueryPerformanceCounter	0x401130
GetCurrentProcessId	0x401134
GetSystemTimeAsFileTime	0x401138
InitializeCriticalSectionAndSpinCount	0x40113c
RtlUnwind	0x401140
GetCPInfo	0x401144
GetACP	0x401148
GetOEMCP	0x40114c
IsValidCodePage	0x401150
SetStdHandle	0x401154
HeapSize	0x401158
LCMapStringA	0x40115c
WideCharToMultiByte	0x401160
MultiByteToWideChar	0x401164
LCMapStringW	0x401168
GetStringTypeA	0x40116c
GetStringTypeW	0x401170
GetLocaleInfoA	0x401174
GetConsoleCP	0x401178
GetConsoleMode	0x40117c
FlushFileBuffers	0x401180

Function	Address	Souspicious	Anti Debug
CreateDCA	0x401000

Function	Address	Souspicious	Anti Debug
GetMessageExtraInfo	0x401188
LoadMenuA	0x40118c
DdeQueryStringW	0x401190
GetClassInfoExW	0x401194
GetKeyNameTextW	0x401198
CharToOemBuffW	0x40119c
SetClipboardViewer	0x4011a0