wscript.pdb
Static task
static1
Behavioral task
behavioral1
Sample
wscript.exe
Resource
win10v2004-20240709-en
General
Target: wscript.exe
Size: 192KB
MD5: 3de6399eef77c93266a02a914d806dfa
SHA1: 12c48f47f450042c2cf57cf0bd11a847e28c0a4b
SHA256: c04c98c824f51d372f0907708725d83e22fbf391c8647e404d9102bbfbfb3173
SHA512: f186994e52b95c6184e73e91d0ae2a3e8557c72d3ad48e59cb07305e669a20a6f37e405e464be75cb185104818b2c7c1209691a3069a5a5431608707dc37da81
SSDEEP: 3072:nB2VoY316KDx4tmyMwq/siTdt++3VjUkgO1Djd0PyWUZxtt:B2VoY30KDx4gEq/si3t4+d0PynZh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource wscript.exe
Files
wscript.exe.exe windows:10 windows x64 arch:x64
8e38120cbab568a4a9e02a52a69d8f37
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
wcscat_s
_swab
swprintf_s
__C_specific_handler
strcpy_s
_itow_s
memset
free
_callnewh
malloc
sprintf_s
wcscpy_s
_itow
_wcsicmp
_wcsnicmp
wcsncmp
bsearch
_vsnprintf
memmove_s
memcpy_s
_vsnwprintf
_beginthread
_endthread
wcsrchr
memcmp
memcpy
memmove
strcmp
oleaut32
CreateErrorInfo
SetErrorInfo
VariantClear
VariantChangeType
SafeArrayGetElement
LoadTypeLib
VariantCopy
VariantInit
SafeArrayCreate
SysAllocStringByteLen
UnRegisterTypeLib
LoadTypeLibEx
SysAllocString
SafeArrayGetUBound
SafeArrayDestroy
LoadRegTypeLib
SafeArrayCopy
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayGetLBound
kernel32
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
FindClose
GetUserDefaultLCID
FlushFileBuffers
GetTempFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
GetStartupInfoA
AcquireSRWLockShared
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
GetSystemDirectoryA
EnterCriticalSection
GetPrivateProfileIntA
GetModuleFileNameA
CreateFileA
GetCommandLineW
GetTempPathA
FindFirstFileA
GetCommandLineA
MultiByteToWideChar
FindFirstFileW
GetConsoleMode
GetStdHandle
WideCharToMultiByte
CreateEventA
LoadLibraryExA
GetPrivateProfileStringW
CreateThread
GetPrivateProfileStringA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
CreateFileW
UnmapViewOfFile
LeaveCriticalSection
GetPrivateProfileIntW
CreateFileMappingA
GetLocaleInfoA
GetLocaleInfoW
HeapReAlloc
GetFileSize
MapViewOfFile
SearchPathW
GetSystemDefaultUILanguage
FormatMessageA
LocalFree
LocalAlloc
LoadLibraryExW
GetFileAttributesW
FreeLibrary
GetUserDefaultUILanguage
GetACP
GetVersionExW
GetFullPathNameA
GetFileAttributesA
GetVersionExA
FindResourceExW
LoadResource
GetFullPathNameW
GetModuleFileNameW
GetCPInfo
CreateFileMappingW
SetEvent
user32
SetTimer
CreateWindowExA
MsgWaitForMultipleObjects
GetClassNameA
PostMessageA
IsWindowVisible
TranslateMessage
GetClassInfoA
DefWindowProcA
EnumThreadWindows
MsgWaitForMultipleObjectsEx
PeekMessageA
GetWindowLongPtrA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
SendMessageA
PostThreadMessageA
GetActiveWindow
MessageBoxW
DispatchMessageA
GetMessageA
CharNextA
LoadStringW
LoadStringA
RegisterClassA
ole32
MkParseDisplayName
CoRegisterMessageFilter
CoGetTreatAsClass
CoInitialize
CLSIDFromString
CoUninitialize
CoGetClassObject
CLSIDFromProgID
CreateFileMoniker
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromCLSID
CoRegisterClassObject
CoGetMalloc
CoRevokeClassObject
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CreateBindCtx
advapi32
RegCreateKeyExA
RegEnumKeyExA
IsTextUnicode
RegSetValueExA
RegQueryValueExA
LookupAccountNameW
ReportEventW
RegisterEventSourceW
GetUserNameW
RegQueryValueExW
DeregisterEventSource
RegOpenKeyExW
RegCreateKeyA
RegSetValueExW
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueA
ImpersonateLoggedOnUser
RegCreateKeyExW
RegOpenKeyExA
version
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ