wrapper_2019092401_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

wrapper_2019092401_windows_x86_64.exe
Size

1.2MB
MD5

075d5430184105df8961faf37b5b88ff
SHA1

405772ab7d845d3e71ffca9a3c8ff15a34a03acd
SHA256

e94adc21df9c49643fbab1a54d48363c8188caede30f4455bc4758f33ef38eea
SHA512

c9add3171d72e98143b3327a8c654b0c837322777cd6c83889c131317f13dc56912049048cd1a11c9dbb9bd5e44646e056bedfe64bd69fbb169281c61022565f
SSDEEP

24576:nf8/A8InhoIeKrY+AnmkSd8EIB2TamsYraxuwzUE7MrDD0zca:nf8/A5nhok8Tmp8EIB2TamsYraxuwwYf

Score

1^/10

Malware Config

Signatures

Files

wrapper_2019092401_windows_x86_64.exe
.exe windows x64

d63f3fea8ff6424ca6db18fe8f85cadb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/01/2019, 00:00

Not After

02/01/2021, 23:59

Subject

CN=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),O=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),POSTALCODE=02139,STREET=42 Maple Ave #3,L=Cambridge,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:1b:31:55:90:5a:88:f3:88:ae:5b:5a:76:24:32:70:0e:df:0b:f8
Signer

Actual PE Digest

c1:1b:31:55:90:5a:88:f3:88:ae:5b:5a:76:24:32:70:0e:df:0b:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileExA
OpenProcess
GetCurrentProcessId
TerminateProcess
OpenThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
DebugBreak
WaitForSingleObject
Sleep
GetSystemTimeAsFileTime
CreateMutexA
GetModuleFileNameA
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
GetVersionExA
GetCurrentThreadId
GetThreadContext
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetVersion
GetStdHandle
ReadFile
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
SetFileAttributesW
RemoveDirectoryA
lstrcmpiA
lstrcpynA
lstrlenA
CreateThread
SetThreadPriority
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
GetDriveTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
HeapSize
GetCPInfo
GetFileInformationByHandle
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetModuleFileNameW
FatalAppExitA
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
CreateFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
ReadConsoleW
FlushFileBuffers
GetStringTypeW
CreatePipe
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesExW
CreateDirectoryA
GetDiskFreeSpaceExA
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
GetTempFileNameA
CloseHandle
FindClose
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
ResumeThread
GetCurrentDirectoryA
CreateIoCompletionPort
GetLastError
CreateJobObjectA
CreateProcessA
GetExitCodeProcess
AssignProcessToJobObject
GetCurrentProcess
GetQueuedCompletionStatus
SetFilePointer
SetPriorityClass
SetInformationJobObject
GetFileAttributesW
LocalAlloc
CreateFileA

user32

CharToOemA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
OemToCharA

advapi32

SetEntriesInAclA
GetSecurityDescriptorLength
LookupPrivilegeValueA
SetKernelObjectSecurity
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AllocateAndInitializeSid
FreeSid

shell32

SHGetFolderPathA

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d63f3fea8ff6424ca6db18fe8f85cadb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

c1:1b:31:55:90:5a:88:f3:88:ae:5b:5a:76:24:32:70:0e:df:0b:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 852KB - Virtual size: 852KB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 22KB - Virtual size: 576KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c1:1b:31:55:90:5a:88:f3:88:ae:5b:5a:76:24:32:70:0e:df:0b:f8
Signer

.text
Size: 852KB - Virtual size: 852KB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 22KB - Virtual size: 576KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB