wakena[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

wakena.zip
Size

3.3MB
MD5

2c1680e59a482bbe60e7658659b20b3d
SHA1

3011f9b114213119c2fce31a3cc6612f889d5668
SHA256

23506c79b6112f7a234c35b838faa9b51286df3bba27f27b7731aa0f23364139
SHA512

17e971bac0ffddb03a99a7ffe47a14b2b712ebf920abc703840431ced458d955240f5014cd93bf46c43b58b2ad219c6eb78f761532561e3360b89f890866265a
SSDEEP

98304:3XS/iF94f2acXLgqNbjnksp1zB0lwkJbY:3XSiF98LGkMb4sp19Wa

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/bubs.exe
unpack001/cr.dll

Files

wakena.zip
.zip
bubs.exe
.exe windows:4 windows x86 arch:x86

c1a678497b09d9f4a893b18b9f3e8508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteConsoleW
CancelWaitableTimer
FatalExit
FileTimeToSystemTime
FindFirstFileNameTransactedW
GetCommProperties
GetNamedPipeHandleStateA
SetUserGeoID

advapi32

EncryptFileW
GetNamedSecurityInfoA
LogonUserA
LsaEnumerateAccountsWithUserRight
OpenTraceA
RegCreateKeyExA
RegEnumValueW
RegOpenKeyA

comctl32

DPA_DeleteAllPtrs
DPA_SetPtr
DrawInsert
DrawStatusTextA
ImageList_GetImageInfo
ImageList_Merge

eappcfg

EapHostPeerConfigXml2Blob
EapHostPeerCredentialsXml2Blob
EapHostPeerFreeMemory
EapHostPeerInvokeConfigUI
EapHostPeerInvokeIdentityUI
EapHostPeerInvokeInteractiveUI
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields

imm32

ImmDisableTextFrameService
ImmGetDescriptionA
ImmGetGuideLineW
ImmGetIMEFileNameW
ImmGetProperty
ImmInstallIMEA
ImmRegisterWordW
ImmUnregisterWordW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleProxyW
GetOleaccVersionInfo
GetRoleTextW
LresultFromObject
ObjectFromLresult
WindowFromAccessibleObject

oleaut32

DllUnregisterServer
LHashValOfNameSysA
VarBstrFromUI1
VarDecFromUI2
VarDecInt
VarDecSub
VarR8FromI2
VarR8FromR4
VarUI4FromCy

pdh

PdhBindInputDataSourceA
PdhBrowseCountersHA
PdhEnumObjectItemsA
PdhEnumObjectsA
PdhGetDefaultPerfObjectA
PdhGetRawCounterArrayA
PdhOpenLogA

powrprof

PowerReadIconResourceSpecifier
PowerReadSettingAttributes
PowerSettingRegisterNotification
PowerWriteACDefaultIndex
PowerWriteIconResourceSpecifier
PowerWriteSettingAttributes
PowerWriteValueMax
PowerWriteValueMin

t2embed

TTCharToUnicode
TTDeleteEmbeddedFont
TTEmbedFontFromFileA
TTEnableEmbeddingForFacename
TTGetEmbeddingType
TTGetNewFontName
TTIsEmbeddingEnabledForFacename
TTRunValidationTests

usp10

ScriptCacheGetHeight
ScriptGetCMap
ScriptGetFontAlternateGlyphs
ScriptGetFontProperties
ScriptJustify
ScriptLayout
ScriptStringOut
ScriptStringXtoCP
ScriptString_pcOutChars

winhttp

WinHttpAddRequestHeaders
WinHttpOpen
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpTimeFromSystemTime
WinHttpWriteData

wkscli

NetAddAlternateComputerName
NetRenameMachineInDomain
NetSetPrimaryComputerName
NetWkstaGetInfo
NetWkstaUserEnum
NetWkstaUserSetInfo

cr

GeEDjPBPrcpWEceJ

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr.dll
.dll windows:4 windows x86 arch:x86

e9b2da4f0f30e4b51e4bc95b30558944

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteConsoleW
CancelWaitableTimer
FatalExit
FileTimeToSystemTime
FindFirstFileNameTransactedW
GetCommProperties
GetNamedPipeHandleStateA
SetUserGeoID

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

advapi32

EncryptFileW
GetNamedSecurityInfoA
LogonUserA
LsaEnumerateAccountsWithUserRight
OpenTraceA
RegCreateKeyExA
RegEnumValueW
RegOpenKeyA

comctl32

DPA_DeleteAllPtrs
DPA_SetPtr
DrawInsert
DrawStatusTextA
ImageList_GetImageInfo
ImageList_Merge

eappcfg

EapHostPeerConfigXml2Blob
EapHostPeerCredentialsXml2Blob
EapHostPeerFreeMemory
EapHostPeerInvokeConfigUI
EapHostPeerInvokeIdentityUI
EapHostPeerInvokeInteractiveUI
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields

imm32

ImmDisableTextFrameService
ImmGetDescriptionA
ImmGetGuideLineW
ImmGetIMEFileNameW
ImmGetProperty
ImmInstallIMEA
ImmRegisterWordW
ImmUnregisterWordW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleProxyW
GetOleaccVersionInfo
GetRoleTextW
LresultFromObject
ObjectFromLresult
WindowFromAccessibleObject

oleaut32

DllUnregisterServer
LHashValOfNameSysA
VarBstrFromUI1
VarDecFromUI2
VarDecInt
VarDecSub
VarR8FromI2
VarR8FromR4
VarUI4FromCy

pdh

PdhBindInputDataSourceA
PdhBrowseCountersHA
PdhEnumObjectItemsA
PdhEnumObjectsA
PdhGetDefaultPerfObjectA
PdhGetRawCounterArrayA
PdhOpenLogA

powrprof

PowerReadIconResourceSpecifier
PowerReadSettingAttributes
PowerSettingRegisterNotification
PowerWriteACDefaultIndex
PowerWriteIconResourceSpecifier
PowerWriteSettingAttributes
PowerWriteValueMax
PowerWriteValueMin

t2embed

TTCharToUnicode
TTDeleteEmbeddedFont
TTEmbedFontFromFileA
TTEnableEmbeddingForFacename
TTGetEmbeddingType
TTGetNewFontName
TTIsEmbeddingEnabledForFacename
TTRunValidationTests

usp10

ScriptCacheGetHeight
ScriptGetCMap
ScriptGetFontAlternateGlyphs
ScriptGetFontProperties
ScriptJustify
ScriptLayout
ScriptStringOut
ScriptStringXtoCP
ScriptString_pcOutChars

winhttp

WinHttpAddRequestHeaders
WinHttpOpen
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpTimeFromSystemTime
WinHttpWriteData

wkscli

NetAddAlternateComputerName
NetRenameMachineInDomain
NetSetPrimaryComputerName
NetWkstaGetInfo
NetWkstaUserEnum
NetWkstaUserSetInfo

Exports

Exports

GeEDjPBPrcpWEceJ
fsrfefs
grggzdfg

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 917KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 172B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1a678497b09d9f4a893b18b9f3e8508

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

eappcfg

imm32

oleacc

oleaut32

pdh

powrprof

t2embed

usp10

winhttp

wkscli

cr

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.data Size: 512B - Virtual size: 4B

.eh_fram Size: 512B - Virtual size: 64B

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 28B

e9b2da4f0f30e4b51e4bc95b30558944

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

comctl32

eappcfg

imm32

oleacc

oleaut32

pdh

powrprof

t2embed

usp10

winhttp

wkscli

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.data Size: 917KB - Virtual size: 916KB

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 172B

.edata Size: 512B - Virtual size: 119B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 552B

.text
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 512B - Virtual size: 4B

.eh_fram
Size: 512B - Virtual size: 64B

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 28B

.text
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 917KB - Virtual size: 916KB

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 172B

.edata
Size: 512B - Virtual size: 119B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 552B