wrapper[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wrapper.exe
Size

369KB
MD5

9a9c7bddbf8be5afe828eed51906954a
SHA1

9716c52a0ce859557f09b6d68dfeb5c47ee12ed1
SHA256

d47090a13c7320d10ca942ba1a7937cee1fee8e41795a49ba35cdb32648875c2
SHA512

8d5dc028f27b3217b2a84f8e0c932071e53af317733cdcee4167ded69cdc80260d4c97e6352e77b9a0a5b45e6f0280ffc6187392dcb9146390315498f4c0181e
SSDEEP

6144:ZT7CLJyjPz7rmbYK6ay7nieLL11n9mHAe:ZTwJYrDK6ay7nied

Score

1^/10

Malware Config

Signatures

Files

wrapper.exe
.exe windows:5 windows x86

264bc1679a131f5abe5d557107d73011

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

97:06:fe:b5:6e:56:cc:cb:66:3a:bb:55:a7:a0:e4:76
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

12-11-2010 00:00

Not After

12-11-2015 23:59

Subject

CN=Tanuki Software Ltd.,O=Tanuki Software Ltd.,POSTALCODE=134-0088,STREET=6-16-7-1001 Nishi-Kasai\, Edogawa-ku,L=Tokyo,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:1f:9d:62:27:14:70:a3:f5:f2:1a:21:58:bf:2a:92:85:d3:da:e5
Signer

Actual PE Digest

74:1f:9d:62:27:14:70:a3:f5:f2:1a:21:58:bf:2a:92:85:d3:da:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetUniversalNameW

shell32

ShellExecuteExW

netapi32

NetWkstaGetInfo
NetApiBufferFree

wsock32

WSAGetLastError
gethostname
inet_addr
ioctlsocket
htons
ntohs
recv
bind
socket
closesocket
send
listen
accept
inet_ntoa
WSAStartup

shlwapi

PathIsDirectoryW
PathFindOnPathW

advapi32

DeleteService
OpenServiceW
LsaOpenPolicy
StartServiceCtrlDispatcherW
OpenSCManagerW
LsaQueryInformationPolicy
OpenProcessToken
CloseServiceHandle
CreateServiceW
LsaFreeMemory
QueryServiceConfigW
ConvertSidToStringSidW
ControlService
RegisterServiceCtrlHandlerW
LsaNtStatusToWinError
RegEnumValueW
SetServiceStatus
LsaClose
QueryServiceStatus
StartServiceW
LookupAccountSidW
LookupAccountNameW
RegQueryInfoKeyW
RegQueryValueExW
LsaAddAccountRights
RegisterEventSourceW
RegCreateKeyW
DeregisterEventSource
RegOpenKeyExW
ReportEventW
RegCloseKey
RegSetValueExW
GetTokenInformation

user32

GetWindowPlacement
GetSystemMetrics
FindWindowW
SetWindowPlacement
IsWindowVisible

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

pdh

PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue

kernel32

FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStringTypeW
GetDriveTypeA
LCMapStringW
InitializeCriticalSectionAndSpinCount
CreateFileA
LoadLibraryA
GetCommandLineW
GetTickCount
LCMapStringA
GetStringTypeA
GetLocaleInfoA
EnumSystemLocalesA
GetCurrentDirectoryA
RtlUnwind
GetStartupInfoA
SetHandleCount
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
CompareStringW
RaiseException
HeapSize
CompareStringA
GetModuleHandleA
lstrcmpA
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleCP
SetLastError
TlsFree
MultiByteToWideChar
GetLastError
CreateMutexW
WaitForSingleObject
Sleep
FormatMessageW
WriteConsoleW
GetModuleFileNameW
lstrlenW
GetCurrentThreadId
ReleaseMutex
CloseHandle
LocalFree
GetFullPathNameW
GetACP
PeekNamedPipe
GetEnvironmentStringsW
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
WriteFile
WideCharToMultiByte
GetLocaleInfoW
GetVersionExW
TerminateProcess
ReadFile
GetThreadLocale
GetProcAddress
GetSystemInfo
GetEnvironmentVariableW
SetPriorityClass
GetDriveTypeW
AllocConsole
FreeLibrary
CreateProcessW
GetCurrentProcess
QueryPerformanceCounter
GetUserDefaultLCID
GenerateConsoleCtrlEvent
OpenProcess
LoadLibraryW
GetExitCodeProcess
FileTimeToSystemTime
CreateFileW
FlushFileBuffers
SetThreadLocale
GetStdHandle
GetCurrentDirectoryW
GetLocalTime
LocalAlloc
SetConsoleCtrlHandler
GlobalMemoryStatusEx
CreatePipe
SetConsoleTitleW
QueryPerformanceFrequency
DuplicateHandle
FileTimeToLocalFileTime
GetCurrentProcessId
lstrcpyW
CreateThread
ExpandEnvironmentStringsW
HeapAlloc
GetFileType
HeapFree
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileW
DeleteFileW
GetTimeZoneInformation
GetSystemTimeAsFileTime
MoveFileW
SetEnvironmentVariableW
SetCurrentDirectoryW
InterlockedDecrement
SetStdHandle
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitProcess
FindNextFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

264bc1679a131f5abe5d557107d73011

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

97:06:fe:b5:6e:56:cc:cb:66:3a:bb:55:a7:a0:e4:76Certificate

Extended Key Usages

Key Usages

74:1f:9d:62:27:14:70:a3:f5:f2:1a:21:58:bf:2a:92:85:d3:da:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

mpr

shell32

netapi32

wsock32

shlwapi

advapi32

user32

crypt32

wintrust

pdh

kernel32

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 146KB

.rsrc Size: 26KB - Virtual size: 26KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

97:06:fe:b5:6e:56:cc:cb:66:3a:bb:55:a7:a0:e4:76
Certificate

74:1f:9d:62:27:14:70:a3:f5:f2:1a:21:58:bf:2a:92:85:d3:da:e5
Signer

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 146KB

.rsrc
Size: 26KB - Virtual size: 26KB