Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.BScope.Trojan.Wacatac.27806.31148.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.BScope.Trojan.Wacatac.27806.31148.exe
Resource: win10v2004-20230220-en
General
Target: SecuriteInfo.com.BScope.Trojan.Wacatac.27806.31148.exe
Size: 84KB
MD5: e8db2da9ff67ccb1c459b730199988e0
SHA1: c5348f0aab1687e5e164b60f7333f1b8d879e653
SHA256: ff3bd4f234223d443e4641c59df7011a03d93f9624ecdaeb73cabdbd2fb8284c
SHA512: cd2142e1f8bd23d042c8e1f372f613f367f3003f0d7acae1293a805a05804625366d124f61275c6b6b611b5fc041104f2bba239b2715fea78a40efdd890a4382
SSDEEP: 1536:7bZg1oRH3Wbf31KHaibre0FP5cz1r5voi1J4FArULGWL0JpyXhM9D:/2yRXW7poi71gP0JpL9D
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SecuriteInfo.com.BScope.Trojan.Wacatac.27806.31148.exe
Files
SecuriteInfo.com.BScope.Trojan.Wacatac.27806.31148.exe.exe windows x86
42bd66a7d93cb586e516de4ffe0b740a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
CompareStringW
CompareStringA
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
RtlUnwind
GetLocaleInfoA
GetCPInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
ExitThread
CloseHandle
TlsSetValue
TlsGetValue
GetLastError
ResumeThread
CreateThread
GetModuleHandleA
GetCommandLineA
GetVersionExA
WriteFile
FlushFileBuffers
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
GetProcAddress
TlsFree
SetLastError
TlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
CreateFileA
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetEnvironmentVariableA
ws2_32
WSACleanup
WSAStartup
bind
listen
recvfrom
sendto
gethostbyname
htons
inet_addr
socket
connect
accept
getsockname
getpeername
inet_ntoa
send
closesocket
select
WSAGetLastError
recv
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE