Static task
static1
Behavioral task
behavioral1
Sample
wget.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
wget.exe
Resource
win10v2004-20240802-en
General
-
Target
wget.exe
-
Size
438KB
-
MD5
aa173375c21ea31b8cc615dccb54e43b
-
SHA1
a00ea43c0ebbed364a606da39526f1dbed37e91e
-
SHA256
cf02b7614fea863672ccbed7701e5b5a8fad8ed1d0faa2f9ea03b9cc9ba2a3ba
-
SHA512
55f6b509f1b2e9229d8a9526c8f50e696708c81d6339b59aaf807bc6283ed2e5277f654cd5ab77b018db5d5adeb02a64001080838fbfd79634ff88af0049a0d2
-
SSDEEP
12288:+mLQAy20LdLBMGoWoIejCg+iKFFlEZlg1:+mMAy20LdmGoF0g+n/j
Malware Config
Signatures
-
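Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be confirmed that way; this finding alone does not indicate malicious behavior.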
resource wget.exe
Files
-
wget.exe.exe windows:4 windows x86 arch:x86
Password: test
b5ee18df259e08ce53b60f0de373b43b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libeay32
CRYPTO_free
DES_ecb_encrypt
DES_set_key
DES_set_odd_parity
ERR_error_string
ERR_get_error
MD4_Final
MD4_Init
MD4_Update
MD5_Final
MD5_Init
MD5_Update
OPENSSL_add_all_algorithms_noconf
RAND_egd
RAND_file_name
RAND_load_file
RAND_screen
RAND_status
X509_NAME_get_text_by_NID
X509_NAME_oneline
X509_free
X509_get_issuer_name
X509_get_subject_name
X509_verify_cert_error_string
libintl3
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_ngettext
libintl_printf
libintl_sprintf
libintl_textdomain
libintl_vfprintf
libssl32
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_default_verify_paths
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_connect
SSL_free
SSL_get_error
SSL_get_peer_certificate
SSL_get_verify_result
SSL_library_init
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_set_connect_state
SSL_set_fd
SSL_shutdown
SSL_write
SSLv23_client_method
SSLv2_client_method
SSLv3_client_method
TLSv1_client_method
kernel32
CloseHandle
CreateEventA
CreateFileMappingA
CreateProcessA
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetConsoleScreenBufferInfo
GetCurrentProcessId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetTickCount
LoadLibraryA
MapViewOfFile
OpenFileMappingA
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEvent
SetUnhandledExceptionFilter
SleepEx
TerminateProcess
TerminateThread
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
msvcrt
_chmod
_close
_fdopen
_getpid
_isatty
_mkdir
_open
_read
_strdup
_unlink
_utime
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_flsbuf
_fstati64
_iob
_isctype
_onexit
_pctype
_setmode
_snprintf
_stati64
_stricmp
_strnicmp
_sys_nerr
_vsnprintf
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
localeconv
localtime
malloc
memchr
memcpy
memmove
memset
mktime
perror
qsort
rand
realloc
rename
setlocale
signal
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtoul
time
ws2_32
WSAAddressToStringA
wsock32
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getpeername
getservbyname
getservbyport
getsockname
htonl
htons
inet_addr
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
socket
Sections
.text Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 37KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE