wrapper_2019121301_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wrapper_2019121301_windows_x86_64.exe
Size

1.2MB
MD5

e51401d5319de8caddb3c15cf3d7b346
SHA1

b940c302b0c6408514b9ba8072e66a6a668ed357
SHA256

86d7b956e180a997f26acbec81f3fe22091ffb27b272c3936d7eeae22ac48bc7
SHA512

92ef35221b35072268963c96d5cacb3fcdc20ef3f1c0be8f10fbb1ba08303dd14829299006d24aeb66e2d30d7fdf9e6a56a1c5b904bb09ed609b9bd4dcbc15aa
SSDEEP

24576:6n5Nh2VB/fQbH91TelNnbrOOnRQh8YoduE+Og1XoRtlPoQr6Ry+M3a0xoq:6n5Nh2L/fQx1ToNHOOnQ8YoduExg1XoX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wrapper_2019121301_windows_x86_64.exe

Files

wrapper_2019121301_windows_x86_64.exe
.exe windows x64

1240fa74d78129232d304e385e651fd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenProcess
GetCurrentProcessId
TerminateProcess
OpenThread
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
DebugBreak
WaitForSingleObject
Sleep
GetSystemTimeAsFileTime
CreateMutexA
GetModuleFileNameA
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
GetVersionExA
GetCurrentThreadId
GetThreadContext
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetVersion
GetStdHandle
ReadFile
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
SetFileAttributesW
GetFileAttributesW
lstrcmpiA
lstrcpynA
MoveFileExA
CreateThread
SetThreadPriority
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
GetDriveTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
HeapSize
GetCPInfo
GetFileInformationByHandle
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetModuleFileNameW
FatalAppExitA
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
CreateFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
ReadConsoleW
FlushFileBuffers
GetStringTypeW
CreatePipe
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesExW
CopyFileA
FindNextFileA
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
FindFirstFileA
DeleteFileA
GetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetDiskFreeSpaceExA
GetTempFileNameA
CloseHandle
FindClose
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
GetCurrentDirectoryA
GetLastError
CreateProcessA
GetExitCodeProcess
GetCurrentProcess
SetFilePointer
SetPriorityClass
lstrlenA
LocalAlloc
CreateFileA

user32

CharToOemA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
OemToCharA

advapi32

SetEntriesInAclA
GetSecurityDescriptorLength
LookupPrivilegeValueA
SetKernelObjectSecurity
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AllocateAndInitializeSid
FreeSid

shell32

SHGetFolderPathA

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1240fa74d78129232d304e385e651fd5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 852KB - Virtual size: 852KB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 22KB - Virtual size: 546KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 852KB - Virtual size: 852KB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 22KB - Virtual size: 546KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB