privateloader | wgam_windows[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

wgam_windows.zip
Size

94.5MB
MD5

c94d922da06085398f2208f8fc1da36b
SHA1

7be8b21d257815ddb47ac0dc64c5917840658199
SHA256

cd27a6a968521080a99cd600ea7c5e03e8f620b1ce0b19f60fa540f4830036dd
SHA512

5ac724e8953ffb2dc34eb51a2e2675a318a1b7a084b0978afc8794f432edbb7b6c4430d9811c7ea03ef153c23f3b3203a077ed1822a65673d1c6e90bfc73bea4
SSDEEP

1572864:qT3aj+oK0R1MdzfTkJ+k+tBJJyXSgoPuwqwfVn5pZXLDJDgHUiWuFyctGYPfv:qT3aySoLkAfz/yXSg0uQfVnZ/8UiWu0m

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wgam_windows.exe

Files

wgam_windows.zip
.zip
wgam_windows.exe
.exe windows:4 windows x64 arch:x64

1b5031dfe417e10aec0a4aac4a2e9c55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority

bcrypt

BCryptGenRandom

dinput8

DirectInput8Create

dwmapi

DwmEnableBlurBehindWindow
DwmFlush
DwmIsCompositionEnabled

gdi32

BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

kernel32

AddVectoredExceptionHandler
AttachConsole
CloseHandle
CreateDirectoryW
CreateEventA
CreateMutexA
CreatePipe
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadContext
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_get_osfhandle
_getpid
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_scprintf
_setjmp
_snprintf
_strdup
_strnicmp
fwprintf
_time64
_ultoa
_unlock
_vscprintf
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfsopen
_wgetenv
_wrename
_wrmdir
_wstat64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen_s
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
qsort
rand
realloc
remove
setlocale
setvbuf
signal
sinh
srand
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tanh
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy_s
wcsftime
wcslen
wcsxfrm
_vsnprintf_s
longjmp
_write
_strdup
_read
_memicmp
_fileno
_fdopen
_close

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear

opengl32

wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteW

shlwapi

PathFileExistsW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
EnumDisplaySettingsW
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageExtraInfo
GetMonitorInfoW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetWindowLongPtrA
GetWindowRect
IsClipboardFormatAvailable
IsIconic
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyExA
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TranslateMessage

winmm

midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod

ws2_32

WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_Z13widechar_mainiPPw
_Z5_mainv
main

Sections

.text
Size: 29.4MB - Virtual size: 29.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wgam_windows.pck

Sharing

General

Malware Config

Signatures

Files

1b5031dfe417e10aec0a4aac4a2e9c55

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avrt

bcrypt

dinput8

dwmapi

gdi32

imm32

iphlpapi

kernel32

msvcrt

ole32

opengl32

shell32

shlwapi

user32

winmm

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 29.4MB - Virtual size: 29.4MB

.data Size: 25KB - Virtual size: 25KB

.rdata Size: 3.5MB - Virtual size: 3.5MB

pck Size: 512B - Virtual size: 8B

.pdata Size: 583KB - Virtual size: 583KB

.xdata Size: 2.2MB - Virtual size: 2.2MB

.bss Size: - Virtual size: 73KB

.edata Size: 512B - Virtual size: 209B

.idata Size: 15KB - Virtual size: 15KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 166KB - Virtual size: 165KB

.text
Size: 29.4MB - Virtual size: 29.4MB

.data
Size: 25KB - Virtual size: 25KB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

pck
Size: 512B - Virtual size: 8B

.pdata
Size: 583KB - Virtual size: 583KB

.xdata
Size: 2.2MB - Virtual size: 2.2MB

.bss
Size: - Virtual size: 73KB

.edata
Size: 512B - Virtual size: 209B

.idata
Size: 15KB - Virtual size: 15KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 166KB - Virtual size: 165KB