Static task: static1
Behavioral task: behavioral1
Sample: wanakiwi.zip
Resource: win10v2004-20240802-en
Behavioral task: behavioral2
Sample: wanakiwi.exe
Resource: win10v2004-20240802-en
General
Target: wanakiwi.zip
Size: 354KB
MD5: e4f370b101104c15269a3b888ed98e08
SHA1: ad5b797c7cc788a21403ca0cc959bb548580c84f
SHA256: 40da854572ad619f1e48ebc62e7ac42fc46b2f3fbdd0dd9069eb451b79f578f4
SHA512: 5fd22a7bc6ae20461aab75d0806309d0ed5f926219437a2a252dd96a4dcae616c0b7faa91a7f12d693c75ef9e36c26f0f876cf3fa82d85d419bfe08b1b8ab6ef
SSDEEP: 6144:khQbV921g4F8OnnPl66sLG2kFCUMPX3icAmBEtHxxxXww9yz8rgot:zYNmC0pPnAmB8tweyre
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/wanakiwi.exe
Files
wanakiwi.zip.zip
wanakiwi.exe.exe windows:5 windows x86 arch:x86
0a32e52c283cd253a8c1ffdaa7c3fd73
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
ReportEventA
DeregisterEventSource
RegisterEventSourceA
shlwapi
PathFindExtensionW
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
RtlEqualUnicodeString
RtlAdjustPrivilege
kernel32
SetEndOfFile
WriteConsoleW
FindFirstFileW
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
FindClose
LocalAlloc
FindNextFileW
CloseHandle
LocalFree
VirtualQueryEx
OpenProcess
ReadProcessMemory
GetLastError
SetFilePointer
GetCurrentProcess
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
FlushConsoleInputBuffer
HeapFree
GetCommandLineW
HeapReAlloc
HeapAlloc
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetStringTypeW
GetProcessHeap
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
RtlUnwind
ReadConsoleW
GetConsoleCP
SetStdHandle
SetFilePointerEx
CompareStringW
LCMapStringW
OutputDebugStringW
LoadLibraryW
SetEnvironmentVariableA
HeapSize
RaiseException
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
Sections
.text Size: 528KB - Virtual size: 528KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ