wmlaunch.exe

First submission 2024-02-09 05:22:11

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1396.0 KB (1429504 bytes)
Compile time: 2018-12-11 06:24:30
MD5: 87455f08f37b75119d9422c735ff862c
SHA1: b77a00e51c3b789322497792e723a8ccb0c2672c
SHA256: b1f831de2136baab443c69f1a81b548d48573cfa2889ee800f026646db57eca4
Import Hash: 8f741d7795ebb406c53fa3b806da6861
Sections: 6 (.text, .sedata, .idata, .rsrc, .sedata, .code)
Directories: 2 (import, resource)
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://117.72.47.127/%CF%C2%B7%A2%CE%C4%BC%FE/wmlaunch.exe 117.72.47.127 2024-02-09 05:22:11

PE Sections 5 suspicious

Name     VAddress  VSize     Size     SHA1                                      MD5                               Suspicious
.text    0x1000    0xc5000   348160   e10f1229a31d46e8d1faa7aa9f8159217915d615  4d7162164a1c7227c943919df13a8dcc
.sedata  0xc6000   0x103000  1060864  16743b30e643137998c462653ccc6ae38b46ef70  2438b48e52ccffbb5fb32f6319fe2522
.idata   0x1c9000  0x1000    4096     dca7704f5104f7d5a97c02ec1781e569b90c0532  640877f36e857fb5d56ca8e901ed15f1
.rsrc    0x1ca000  0x1000    4096     076618c98ac6fbd907962f136ca790ccda7a58aa  df9b5c50dfa2115951dfdfa1f895b0bc
.sedata  0x1cb000  0x1000    4096     208460f2adca1518ec7721879d37e3440b32abfa  475ac1b9a3541c3e66d47e4b574a77f1
.code    0x1cc000  0x1000    4096     8a4fad525cb0bd86043c8120da03fa55522286ec  7d6d32543280530c9768cefd2c79fba8

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1ca058 824

Meta infos 13

LegalCopyright: 版权所有 (C) 2003
InternalName: miniSQL
FileVersion: 1, 0, 0, 1
FileDescription: miniSQL Microsoft 基础类应用程序
SpecialBuild:
CompanyName:
LegalTrademarks:
Comments:
ProductName: miniSQL 应用程序
ProductVersion: 1, 0, 0, 1
PrivateBuild:
Translation: 0x0804 0x04b0
OriginalFilename: miniSQL.EXE

Packers detected 2

Microsoft Visual C++ 5.0
Microsoft Visual C++

Strings analysis - File found

Library
ADVAPI32.dll
MSVCRT.dll
WSOCK32.dll
OLEAUT32.dll
oledlg.dll
COMCTL32.dll
ole32.dll
USER32.dll
SHELL32.dll
GDI32.dll
KERNEL32.dll
OLEPRO32.DLL
IPHLPAPI.DLL
PSAPI.DLL
COMDLG32.dll

Import functions