wrapper_2019103116_windows_x86_64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

wrapper_2019103116_windows_x86_64.exe
Size

1.2MB
MD5

c2f8efd8ff957c8e9ba3f33ddc550b67
SHA1

f5e260f242cddbe1365144106364579d05523f4a
SHA256

a7c8d5523446be4119589d679464db8411b48a1f09a2f5e686f10c4242214d9c
SHA512

293dc3aab4632fcc05b8dcd2c58a39d4592b13f62b31d9e7a03f03299af08c52d2c19d76f8f929b4b12ea25a97af3fba8ec739eb2333486c00d6883834852b91
SSDEEP

24576:00SVGodhcDhF8MIwGLf5KR0IcgqpIYLq7E93P9gf03kGzZ:00SVGMhcDhFSwyKR0IcgqpIYLq7Yf9eW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wrapper_2019103116_windows_x86_64.exe

Files

wrapper_2019103116_windows_x86_64.exe
.exe windows x64

fe005040d37f184011b1c78377fa1673

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileExA
LocalAlloc
OpenProcess
GetCurrentProcessId
TerminateProcess
OpenThread
SuspendThread
QueryInformationJobObject
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LocalFree
FormatMessageW
ExpandEnvironmentStringsA
SetCurrentDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentThread
GetThreadTimes
DebugBreak
WaitForSingleObject
Sleep
GetSystemTimeAsFileTime
CreateMutexA
GetModuleFileNameA
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
GetVersionExA
GetCurrentThreadId
GetThreadContext
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
CreateEventA
CreateFileMappingA
OutputDebugStringA
FreeLibrary
SetLastError
LoadLibraryA
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetVersion
GetStdHandle
ReadFile
GetFileTime
SetFileTime
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
GetDriveTypeA
GetFullPathNameA
SetFileAttributesA
SetVolumeLabelA
GetVolumeInformationA
GetLocaleInfoA
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
GetFileType
RemoveDirectoryA
GetFileAttributesW
lstrcmpiA
lstrcpynA
lstrlenA
CreateThread
SetThreadPriority
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
GetDriveTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
ExitThread
LoadLibraryExW
SetConsoleCtrlHandler
HeapSize
GetCPInfo
GetFileInformationByHandle
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetModuleFileNameW
FatalAppExitA
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
CreateFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation
ReadConsoleW
FlushFileBuffers
GetStringTypeW
CreatePipe
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesExW
CreateDirectoryA
GetDiskFreeSpaceExA
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
DeleteFileW
OpenFileMappingA
GetTempFileNameA
CloseHandle
FindClose
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
ResumeThread
GetCurrentDirectoryA
CreateIoCompletionPort
GetLastError
CreateJobObjectA
CreateProcessA
GetExitCodeProcess
AssignProcessToJobObject
GetCurrentProcess
GetQueuedCompletionStatus
SetFilePointer
SetPriorityClass
SetInformationJobObject
SetFileAttributesW
CreateFileA

user32

CharToOemA
GetClassNameA
GetWindowTextA
GetForegroundWindow
GetWindowThreadProcessId
OemToCharA

advapi32

SetEntriesInAclA
GetSecurityDescriptorLength
LookupPrivilegeValueA
SetKernelObjectSecurity
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
AdjustTokenPrivileges
OpenProcessToken
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AllocateAndInitializeSid
FreeSid

shell32

SHGetFolderPathA

Sections

.text
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe005040d37f184011b1c78377fa1673

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 853KB - Virtual size: 852KB

.rdata Size: 296KB - Virtual size: 295KB

.data Size: 22KB - Virtual size: 576KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 853KB - Virtual size: 852KB

.rdata
Size: 296KB - Virtual size: 295KB

.data
Size: 22KB - Virtual size: 576KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB