golddragon | E11E2425C62F34EBB3F640BAEEFB67D5[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

E11E2425C62F34EBB3F640BAEEFB67D5.exe
Size

105.8MB
MD5

e11e2425c62f34ebb3f640baeefb67d5
SHA1

7dc6f8aaaf4431c365564a51dd37c143d857b89e
SHA256

237deba138355bfb448e74bfb68fc868f4807b24d68715a6d47e348fc0cf9257
SHA512

a0739d0141b41bcec079de8fac6df70dc93100721ad1f04ef9cbbf52102ed4b7bbfd7f088618ce9ac939d8fa7d6837a0c822c303d55d7c7fb2d1221d13703e48
SSDEEP

3145728:1JB3oonVicWt1i3Xr7PZvsB0xyTnJ7xpeDPKQa3BvI:1IsVicmiHXBLWnJ7mDPR/

Score

10^/10

backdoor golddragon

Malware Config

Signatures

GoldDragon 2021 Stage1 backdoor 1 IoCs
Detect GoldDragon backdoor Stage 1.
backdoor

Processes:

resource yara_rule

sample golddragon_stage1
Golddragon family
golddragon

resource	yara_rule
sample	golddragon_stage1

Files

E11E2425C62F34EBB3F640BAEEFB67D5.exe
.dll windows x86

194f714c2987b8432496320ebae1cc55

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GlobalAlloc
GlobalFree
Sleep
GetTempPathA
GetTempFileNameA
SetFileAttributesA
DeleteFileA
ReadFile
CloseHandle
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WaitForSingleObject
FindFirstFileW
FindNextFileW
GetProcAddress
GetSystemDirectoryW
GetLogicalDriveStringsW
GetLocalTime
CopyFileW
GetCommandLineW
GetModuleFileNameW
InitializeCriticalSectionEx
GetModuleHandleA
TerminateThread
RaiseException
CreateThread
DecodePointer
DeleteCriticalSection
FreeLibrary
CreateProcessW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
FindClose
WriteConsoleW
GetStringTypeW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LoadLibraryA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
SetLastError
RtlUnwind
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
GetACP
GetStdHandle
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetFileAttributesExW
CompareStringW
LCMapStringW

user32

ShowWindow

ole32

CoCreateInstance

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

shlwapi

PathFindExtensionW
StrCmpIW
PathAppendA
StrStrIW
PathAppendW
PathFindFileNameW
StrStrIA

advapi32

SystemFunction036

Exports

Exports

Run

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

194f714c2987b8432496320ebae1cc55

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

shell32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 49KB - Virtual size: 53KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 288B

.rsrc Size: 247KB - Virtual size: 246KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 49KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 288B

.rsrc
Size: 247KB - Virtual size: 246KB

.reloc
Size: 7KB - Virtual size: 6KB