Trojan-Spy[.]Win32[.]BitWall[.]wk-43fbc1ee5c4ef4a5bfdbbd67407c4364e6cf205475250f97138f55db4c77002c[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Spy.Win32.BitWall.wk-43fbc1ee5c4ef4a5bfdbbd67407c4364e6cf205475250f97138f55db4c77002c.exe
Size

96KB
MD5

df80cbaadb754de14c97dc05995fdc4a
SHA1

6f9369c9d2f174b4abd642d4fb43cff690f364df
SHA256

43fbc1ee5c4ef4a5bfdbbd67407c4364e6cf205475250f97138f55db4c77002c
SHA512

cccf010d4344bd574dea5a254800207b8603b1ff2dcae8d4b341c4368976544ebee9fc68632701be3ab41098ab0c6b64f2b61f27063a068777e3bc440bac01d7
SSDEEP

1536:umsz2jF1PzSg1dPVHT4MVyU3NJZfA1111111bilpPXvlMq12Kpuyjg1kFa:hdPV8uyU3zJA1111111bilpPX6q2y8kc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Spy.Win32.BitWall.wk-43fbc1ee5c4ef4a5bfdbbd67407c4364e6cf205475250f97138f55db4c77002c.exe

Files

Trojan-Spy.Win32.BitWall.wk-43fbc1ee5c4ef4a5bfdbbd67407c4364e6cf205475250f97138f55db4c77002c.exe
.exe windows x86

7638178220a198ac0c8dde08f7814d51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetFileType
GetComputerNameA
GetConsoleOutputCP
GetEnvironmentVariableA
GetCommandLineA
HeapReAlloc
GetModuleFileNameA
lstrcpyA
CompareStringW
GetVersion
CreateEventA
HeapAlloc
FileTimeToSystemTime
GetProfileStringW
GlobalCompact
VirtualFree
CreateMutexA
CompareStringA
lstrcpyW
FoldStringW
LockResource
QueueUserAPC
GlobalSize
InitializeCriticalSection
CreateThread
LCMapStringA
DeleteFileA
GetEnvironmentStringsW
GetConsoleMode
SystemTimeToFileTime
SleepEx
ExitProcess
HeapDestroy
CreateFileMappingW
DosDateTimeToFileTime
LoadResource
GetLocaleInfoW
GlobalFree
WaitForMultipleObjects
GetStringTypeW
MoveFileExA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
GetLocaleInfoA
HeapSize
RtlUnwind
IsValidCodePage
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
SearchPathA
ReadFile
GetModuleHandleW
GetHandleInformation
DebugSetProcessKillOnExit
GetACP
lstrcmpiW
GetModuleHandleA
QueryDosDeviceW
GetSystemTime
FindResourceA
SetHandleCount
WideCharToMultiByte
FreeEnvironmentStringsW
LoadLibraryA
GlobalAddAtomW
OpenJobObjectW
DefineDosDeviceW
LoadLibraryW
VirtualAlloc
LoadLibraryExA
GetProcAddress
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WriteFile
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep

user32

CallWindowProcA
EndDialog
ReleaseDC
GetDlgItemTextW
GetWindowTextW
LoadCursorW
SetCapture
HideCaret
RegisterWindowMessageW
CharNextW
CheckMenuItem
ChildWindowFromPoint
FindWindowA
DeleteMenu
GetClientRect
TranslateAcceleratorA
EnableWindow
TrackPopupMenuEx
GetDesktopWindow
DefWindowProcA
GetDlgItem
CallWindowProcW
GetSubMenu
EndPaint
GetMenuItemCount
IsChild
SetMenu
GetDialogBaseUnits
KillTimer
OpenClipboard
IsIconic
GetProcessDefaultLayout
TranslateAcceleratorW
CloseClipboard
RegisterClassExW
SetWindowLongA
MsgWaitForMultipleObjects
InflateRect

gdi32

ExtTextOutA
StartDocA
AbortDoc
EndPage
GetTextExtentPoint32A
GetTextMetricsA
CreateCompatibleBitmap
CreateFontIndirectA
SetBkMode
GetObjectW

winspool.drv

GetPrinterDriverW
ClosePrinter

comdlg32

GetSaveFileNameA
ReplaceTextW
ChooseFontW

advapi32

RegCloseKey
OpenSCManagerA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA

shell32

ShellExecuteExA
ShellAboutW
DragFinish

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7638178220a198ac0c8dde08f7814d51

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 15KB - Virtual size: 15KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 15KB - Virtual size: 15KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 5KB - Virtual size: 4KB