UNWISE[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UNWISE.EXE
Size

264KB
MD5

e3e7a497526f0d4859666583a252dc0b
SHA1

67bafac39679f5a86b8af3c8325c80a1b1cf139e
SHA256

202276d5115e50424303ea0077a3bc06e2fb597022b451f1be1c2a631cffa98d
SHA512

1bb70ed49d6123e4a87df3035a8bd7b792b3ae2cb759057056575e15f34d8bbab9fb7d6fb7ac32d24d28f87e4cadcdacd853dabce4d05ffdc8b35c2f89b26ca5
SSDEEP

1536:tooAXnUY3wB/LV2G2W9TqDFNMFQMFVzqgR+WHXLJs8s4XkGOBjGTMn1J3hlktaPY:0nUYbW9eUzqgR+W7JbOZnH4ageXZN4a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UNWISE.EXE

Files

UNWISE.EXE
.exe windows:4 windows x86

a4d91a5804503e1932c2480eb7ec4b0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
SetFileAttributesA
_llseek
GetVersionExA
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryA
MoveFileExA
LockResource
GetPrivateProfileIntA
DeleteFileA
FreeResource
SetErrorMode
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
SizeofResource
lstrcatA
_lcreat
_lwrite
_lclose
OpenFile
lstrcpynA
CreateProcessA
WaitForSingleObject
WritePrivateProfileStringA
_lread
GetDriveTypeA
GetSystemDirectoryA
_lopen
lstrcmpA
lstrcmpiA
GetModuleFileNameA
lstrlenA
lstrcpyA
GetTempPathA
GetTempFileNameA
CopyFileA
FindResourceA
LoadResource
MulDiv
GetPrivateProfileStringA
GetACP
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
VirtualAlloc
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
VirtualFree
GetCPInfo
ReadFile
WinExec
SetFilePointer
WriteFile
GetStdHandle
SetHandleCount
SetStdHandle
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
MoveFileA
GetFullPathNameA
CreateFileA
GetFileType
SetEndOfFile
CloseHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
GetLastError
GetOEMCP

user32

RegisterClassA
LoadBitmapA
LoadIconA
UpdateWindow
ShowWindow
PeekMessageA
SetTimer
TranslateMessage
DdeUninitialize
GetSystemMetrics
SetWindowTextA
GetMessageA
GetSysColor
LoadCursorA
SetCursor
EnableWindow
IsWindowVisible
CreateDialogParamA
IsDialogMessageA
PostMessageA
MessageBoxA
wsprintfA
ExitWindowsEx
CreateWindowExA
ReleaseDC
InvalidateRect
DefWindowProcA
PostQuitMessage
EndPaint
GetClientRect
BeginPaint
GetDC
MoveWindow
GetWindowRect
SetDlgItemTextA
EndDialog
GetDialogBaseUnits
FillRect
DrawIcon
LoadStringA
GetParent
EnumChildWindows
FindWindowA
DialogBoxParamA
SendMessageA
DdeCreateDataHandle
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeDataHandle
DdeDisconnect
DestroyWindow
SendDlgItemMessageA
OemToCharA
SetFocus
ScreenToClient
GetWindowTextA
GetDlgItem
DispatchMessageA
FrameRect
KillTimer
GetDlgItemTextA
DdeGetData

gdi32

GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
PatBlt
CreateSolidBrush
SelectObject
RealizePalette
SelectPalette
ExtTextOutA
SetBkColor
GetTextExtentPointA
CreateFontIndirectA
GetDeviceCaps
StretchBlt
CreateCompatibleBitmap
CreateDIBitmap
CreatePalette
GetObjectA
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
RegSetValueExA
RegEnumKeyA
RegOpenKeyA
DeleteService
ControlService
OpenServiceA

Exports

Exports

_ItemDlg@16
_MainWndProc@16
_SharedDlg@16

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4d91a5804503e1932c2480eb7ec4b0c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 192KB - Virtual size: 192KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 192KB - Virtual size: 192KB