Static task
static1
General
-
Target
wscript.exe
-
Size
166KB
-
MD5
a47cbe969ea935bdd3ab568bb126bc80
-
SHA1
15f2facfd05daf46d2c63912916bf2887cebd98a
-
SHA256
34008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100
-
SHA512
f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc
-
SSDEEP
3072:msNqucZTg4mNLGoo0uTQNA7VjU25B+WUZxtt:mssucZTtGjfuTQqhLB+nZh
Malware Config
Signatures
Files
-
wscript.exe.exe windows x64
e01813c5c2502009fb8afaddc70ac8bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
_swab
swprintf_s
strcpy_s
wcsrchr
_itow
_itow_s
memset
free
wcscat_s
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
bsearch
_callnewh
malloc
sprintf_s
wcscpy_s
_vsnprintf
_beginthread
_endthread
__C_specific_handler
memcmp
memcpy
memmove
strcmp
oleaut32
VariantCopy
CreateErrorInfo
VariantInit
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayDestroy
LoadTypeLib
UnRegisterTypeLib
LoadTypeLibEx
SysAllocString
LoadRegTypeLib
SysFreeString
SysStringLen
SysAllocStringLen
VariantChangeType
SafeArrayCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetElement
SysAllocStringByteLen
SetErrorInfo
kernel32
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetPrivateProfileIntW
GetModuleHandleA
GetStartupInfoA
ExitProcess
LeaveCriticalSection
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetLocaleInfoW
GetCommandLineW
GetProcessHeap
HeapAlloc
GetCommandLineA
MultiByteToWideChar
EnterCriticalSection
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
CreateFileW
HeapReAlloc
HeapFree
UnmapViewOfFile
CreateFileMappingA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFullPathNameW
GetCPInfo
GetFileAttributesA
GetPrivateProfileStringW
GetACP
GetFileAttributesW
FindClose
FindFirstFileA
FindFirstFileW
GetConsoleMode
GetStdHandle
CreateEventA
CreateThread
SetEvent
GetUserDefaultLCID
FlushFileBuffers
GetTempFileNameA
GetSystemDirectoryA
CreateFileA
GetTempPathA
GetFileSize
LoadLibraryExA
WriteFile
MapViewOfFile
SearchPathW
GetVersionExA
CloseHandle
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetModuleFileNameW
GetVersionExW
FindResourceExW
LoadResource
GetFullPathNameA
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
CreateFileMappingW
FreeLibrary
LocalAlloc
LoadLibraryExW
user32
LoadStringW
IsWindowVisible
PostMessageA
MsgWaitForMultipleObjectsEx
GetClassNameA
SetTimer
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetClassInfoA
SendMessageA
EnumThreadWindows
PeekMessageA
PostThreadMessageA
GetWindowLongPtrA
GetMessageA
MsgWaitForMultipleObjects
LoadStringA
DispatchMessageA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
MessageBoxW
GetActiveWindow
CharNextA
ole32
CoGetTreatAsClass
CreateFileMoniker
CoInitialize
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance
CreateBindCtx
CoInitializeSecurity
CLSIDFromProgID
CoRegisterMessageFilter
CLSIDFromString
CoRevokeClassObject
CoGetMalloc
CoRegisterClassObject
StringFromCLSID
MkParseDisplayName
CoGetClassObject
advapi32
RegQueryValueExA
LookupAccountNameW
RegOpenKeyExA
ReportEventW
RegisterEventSourceW
RegEnumKeyExA
IsTextUnicode
GetUserNameW
DeregisterEventSource
ImpersonateLoggedOnUser
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeW
Sections
.text Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ