Wakeful[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Wakeful.exe
Size

356KB
MD5

5f07ea51a3f3fa73892607b91d784ece
SHA1

1d528ed05e9df93af01d899a1e7d38c92979ebe4
SHA256

c1cfba23dbe0385937a4306fbccb934ba4234c502993080b7cfacc171ada4ec1
SHA512

807cc4bdf707403a154cfa26998817198c486c99c8a64e4401cc0016f2b59e301b355f2a6c69307a41d8f87c1bb7f6e7d1e4076e8c8a4eb38195e3db05114bd6
SSDEEP

6144:U85P82c2UYd/8CzLAzctn4uHqQHcRoWGZU2SNUjtISTc3WXmy2vsyCf:U8V8qU4kCvjxkGZkNU1TL2vs/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Wakeful.exe

Files

Wakeful.exe
.exe windows x86

48e414e431433a62713440d22abb8343

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 313KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE