SecuriteInfo[.]com[.]BScope[.]Trojan[.]Wacatac[.]17556[.]3755

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.BScope.Trojan.Wacatac.17556.3755
Size

340KB
MD5

6d04b8bbd16cbac4e0a7a2af73010fb4
SHA1

11d96a81bbf83e834381c7729cdfbc3796db0d18
SHA256

1b3502ee01dc062c93fb6bc9424bd9accfd488bee939ed538428a94f37d1d74a
SHA512

3e7d72e33bae5539c6317c163f4d10e55126e73c06031a250bcf22503b30cde68a06b8bc3a5478b253f22fafee7c6482015a8a9baa4fdb91fbb7de6971962bff
SSDEEP

6144:cnLIDAOGf/PzbKVZIU9YcXd82tRUnXzCm:cnLcsiMU3tbih

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.BScope.Trojan.Wacatac.17556.3755

Files

SecuriteInfo.com.BScope.Trojan.Wacatac.17556.3755
.exe windows x86

bafcab10f55cf781a90c00a3e38433b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalUnlock
GlobalFree
GetTickCount
CreateEventA
GlobalLock
SetEndOfFile
CreateThread
GetThreadPriority
WaitForMultipleObjects
SetThreadPriority
GetCurrentThread
GetFileSize
GetComputerNameA
ReleaseMutex
CreateMutexA
ResetEvent
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
LockResource
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
FindNextFileA
FindClose
GetLastError
FindFirstFileA
GetCurrentThreadId
SetUnhandledExceptionFilter
ExitProcess
GetACP
LocalFree
LocalAlloc
GetCurrentProcess
GetVersionExA
DeleteCriticalSection
LoadLibraryA
RemoveDirectoryA
GetProcAddress
CompareStringA
FlushFileBuffers
WriteConsoleW
SetCurrentDirectoryA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
SetFilePointer
DeleteFileA
GetTempPathA
WinExec
SetEnvironmentVariableA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempFileNameA
CopyFileA
GetEnvironmentVariableA
CreateProcessA
GetFileAttributesA
Sleep
WriteFile
FreeLibrary
CloseHandle
ReadFile
InitializeCriticalSection
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetOEMCP
GetCPInfo
GetTimeZoneInformation
RaiseException
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
CompareStringW
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
GetSystemTimeAsFileTime

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
GetSidSubAuthority
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAce
InitializeAcl
AddAccessAllowedAce
GetSidLengthRequired
InitializeSid
SetFileSecurityA
RegDeleteValueA

comctl32

PropertySheetA
ord17
CreateToolbarEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject
DeleteDC
CreateDIBitmap
GetTextExtentPoint32A
CreateSolidBrush
GetObjectA
CreatePen
SelectObject
SetTextColor
LineTo
MoveToEx
GetStockObject
CreateCompatibleDC
CreateFontIndirectA
CreateFontA
BitBlt
CreateCompatibleBitmap

msacm32

acmStreamSize
acmStreamClose
acmStreamPrepareHeader
acmStreamConvert
acmStreamOpen
acmStreamUnprepareHeader

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture

shell32

ShellExecuteA
SHChangeNotify

user32

FillRect
GetDlgCtrlID
LoadCursorA
EnableWindow
ReleaseCapture
FrameRect
GetWindowWord
GetCapture
SetWindowWord
BeginPaint
SetFocus
IsWindowEnabled
GetFocus
SetCapture
SetCursor
EndPaint
DestroyIcon
CallWindowProcA
IsWindowVisible
DispatchMessageA
IsWindow
GetSysColorBrush
SetWindowPos
EndDialog
IsDialogMessageA
RemovePropA
DrawTextA
IsIconic
MapDialogRect
GetMessageA
ClientToScreen
InsertMenuA
CreatePopupMenu
GetKeyState
CreateDialogParamA
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
ScreenToClient
AppendMenuA
GetWindowPlacement
SetForegroundWindow
IsZoomed
PostQuitMessage
SetWindowPlacement
MsgWaitForMultipleObjects
SetActiveWindow
UpdateWindow
KillTimer
GetWindowTextA
GetDlgItemTextA
CallNextHookEx
GetDC
SetWindowsHookExA
UnhookWindowsHookEx
LoadImageA
GetWindowLongA
PeekMessageA
GetDlgItemInt
DefWindowProcA
RegisterClassA
TranslateMessage
CreateWindowExA
MessageBoxA
MoveWindow
CheckMenuItem
SetDlgItemTextA
DialogBoxParamA
DestroyMenu
GetCursorPos
GetDlgItem
EnableMenuItem
CheckMenuRadioItem
GetMenu
SendMessageA
GetClientRect
LoadMenuA
GetParent
GetSubMenu
TrackPopupMenu
SendDlgItemMessageA
GetWindowRect
SetTimer
DestroyWindow
IsDlgButtonChecked
SetWindowTextA
GetWindowDC
InvalidateRect
ReleaseDC
GetSysColor
ShowWindow
PostMessageA
GetPropA
SetPropA
SetWindowLongA
FindWindowA
GetActiveWindow
CheckDlgButton

winmm

waveOutClose
waveOutGetNumDevs
mixerGetID
waveOutSetVolume
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutReset
waveOutWrite

ws2_32

send
gethostbyname
closesocket
__WSAFDIsSet
socket
recv
setsockopt
htons
WSAGetLastError
select
inet_addr
connect
ioctlsocket
WSAStartup

Sections

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bafcab10f55cf781a90c00a3e38433b5

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

user32

winmm

ws2_32

Sections

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 164KB - Virtual size: 169KB

.rsrc Size: 116KB - Virtual size: 112KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 164KB - Virtual size: 169KB

.rsrc
Size: 116KB - Virtual size: 112KB