General
Target
gpg4win-3.1.15.exe
Size
28.6MB
Sample
210406-rrhyltdyqe
MD5
a96d89086f076d671560663d96993a16
SHA1
fd822ac0a8b9e83fa5169bab69349f7c7d16f488
SHA256
58b4de192ce0f3a7f25766e96ec379a8f125e3a1e2bdb2519c185a03a0a4ed4c
SHA512
be143c91001618dd91a3e9daefa735f0d7a31e95e0c5cfeb0b707a75c6c8cb1e11a1bd4f08929aa1f9a7f23b7d2464a01040ce7600ee1b4be42b8e2fe281aaa6
Static task
static1
Behavioral task
behavioral1
Sample
gpg4win-3.1.15.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
gpg4win-3.1.15.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Program Files (x86)\Gpg4win\share\gpg4win\README.en.txt
jseward@bzip.org
adns-maint@chiark.greenend.org.uk
<dshaw@jabberwocky.com>
<peter@palfrader.org>
<mutz@kde.org>
Targets
Target
gpg4win-3.1.15.exe
Score
10/10
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.