06f19b33b2e2c4ef08310df3019806f914b648d2b7e075bb41afed564ae212e8

Sharing

Copy URL Twitter E-mail

General

Target

06f19b33b2e2c4ef08310df3019806f914b648d2b7e075bb41afed564ae212e8
Size

338KB
MD5

59548b2ffde1c3572a52287b3229a0e9
SHA1

05118f3e4bbb803e3550cd23be7351d0a98517bf
SHA256

06f19b33b2e2c4ef08310df3019806f914b648d2b7e075bb41afed564ae212e8
SHA512

cd21ccd21b7ca780f67ba8f9cc6cd9ae7b50e8d2e0703ecb135fe62aadfdb6e9b64dbbdfcf355c63fa64669f61d2ee607586ff4b1356efdd8d129781f18f8382
SSDEEP

3072:5KLA0HO0zTemBHzXtjXl5systRa/vPOgQC2mCxmTLM+1+MdG3CVnq9SYKPTvSm/+:5yVRtnHstRal3MZ3CVnYSY+5AOW4w4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f19b33b2e2c4ef08310df3019806f914b648d2b7e075bb41afed564ae212e8

Files

06f19b33b2e2c4ef08310df3019806f914b648d2b7e075bb41afed564ae212e8
.exe windows:6 windows x86 arch:x86

65e3e22f0a2536c42abb2357550eb204

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\slave\workspace\WGStart\Release\WGStart.pdb

Imports

shlwapi

PathFindExtensionW
PathIsDirectoryW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW

kernel32

WriteConsoleW
SetStdHandle
GetCommandLineW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
ReadFile
FindFirstFileW
FindNextFileW
WriteFile
RemoveDirectoryW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
ReadConsoleW
DeleteFileW
CloseHandle
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalAddAtomW
GetLastError
LoadLibraryW
GlobalFindAtomW
GetProcAddress
FreeLibrary
CreateSymbolicLinkW
MoveFileW
SetEnvironmentVariableW
HeapSize
GetLogicalDriveStringsW
LCMapStringW
FreeEnvironmentStringsW
GetStringTypeW
FormatMessageW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
SetEndOfFile
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
GetFileAttributesExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW

log

GenericLogImpl

httpsapi

HttpsGetWithResponse
HttpsFreeMemory

user32

MessageBoxW

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65e3e22f0a2536c42abb2357550eb204

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

kernel32

log

httpsapi

user32

Sections

.text Size: 242KB - Virtual size: 241KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 5KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 588B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 588B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB