672649c2187d489367860d485daa48e8_bugat_cryptowall_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

672649c2187d489367860d485daa48e8_bugat_cryptowall_JC.exe
Size

365KB
MD5

672649c2187d489367860d485daa48e8
SHA1

cc90f3a2a63b84c7fc862ae62e51d3edd5b4fd4a
SHA256

1a5ae722d4356a41bf9303a8c52470d023e81e42e0c9dbbaa72793440c10bf95
SHA512

ee98be3bbaec404438e2bce18003cfed1e083c0af74ae9c64735bf50cc6a021d9d92cf17d27f07a26617f8878771a6df3b022d5acd06d3375fad8fa4b5070d69
SSDEEP

6144:1qu4TEHPhVMyfDNfFrcb21rSPavWRooktGxOerqmKE9oCvsZ8g3+eeaYVCvv:1qDTEHPhKidFIaWwoktGxWE9S3CC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
672649c2187d489367860d485daa48e8_bugat_cryptowall_JC.exe

Files

672649c2187d489367860d485daa48e8_bugat_cryptowall_JC.exe
.exe windows x64

c410a0d21e5f572bdb876f852f8f6ef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalFindAtomW
CompareStringW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetEndOfFile
ReadConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FindResourceA
lstrlenW
lstrlenA
lstrcmpW
FormatMessageW
MulDiv
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
GetStartupInfoW
CreateProcessA
GetCurrentThreadId
CreateThread
WriteConsoleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
GetCurrentProcessId
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryPerformanceCounter
GetLastError
RaiseException
CloseHandle
WriteFile
ReadFile
GetFileType
CreateFileW
RtlVirtualUnwind
RtlUnwindEx
GetFileSizeEx
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP

user32

LoadStringW
EmptyClipboard

advapi32

InitializeSecurityDescriptor
FreeSid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyA
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegGetValueW
CopySid

ole32

CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize

shell32

ShellAboutW
SHGetSpecialFolderPathW

oleaut32

BSTR_UserFree

shlwapi

ShellMessageBoxA

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

winmm

timeGetTime

uxtheme

IsThemeActive
BufferedPaintClear

gdi32

CreatePatternBrush
CreateSolidBrush
GetRgnBox
CreateCompatibleBitmap
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
EqualRgn
CreateFontIndirectW
GetDeviceCaps
GetStockObject
GetTextExtentPointW
GetTextExtentPoint32W
LineTo
SelectObject
SetBkColor
SetBkMode
SetRectRgn
SetTextColor
GetTextMetricsW
CreateDIBSection
ExtCreatePen
MoveToEx
GetObjectW
CreateCompatibleDC

winspool.drv

UploadPrinterDriverPackageA

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c410a0d21e5f572bdb876f852f8f6ef7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

rpcrt4

winmm

uxtheme

gdi32

winspool.drv

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 208KB - Virtual size: 208KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 208KB - Virtual size: 208KB

.reloc
Size: 2KB - Virtual size: 1KB