goldenspy | 68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202

Sharing

Copy URL

Twitter E-mail

General

Target

68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202
Size

634KB
MD5

27fc849f5ba788646b2d18ca3c22b36b
SHA1

49971c535f462aed0aed6843c9d2d08ff8b1f688
SHA256

68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202
SHA512

666ab3f2f028ec462e9b3343a884d375340b3f8a08429e75d9ce9a4dd0bb10fe523c5b79903f95d881f5cd6b45ccc5451fbf8cb5322ed9d86f8460dc881222ba
SSDEEP

12288:iCDP7bIcq/Hs3fOmj+5NM6jXDk8Ts3FBvRP+8mboaQHt3nHiXGYGeQgO:iI4hmi5NopRUm3CHGbgO

Score

10^/10

goldenspy

Malware Config

Signatures

GoldenSpy Payload 1 IoCs

Processes:

resource	yara_rule
sample	goldenspy_svm_payload

Goldenspy family
goldenspy

Files

68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202
.exe windows x86

be4aab2fb5cd36db72cfa50b61115daf

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetVersionExA
GetTickCount
CreateMutexA
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
ReadFile
IsDBCSLeadByteEx
WriteFile
SetFilePointer
CreateFileW
MultiByteToWideChar
GetFileSize
WideCharToMultiByte
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
SystemTimeToFileTime
CreateDirectoryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetLastError
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
HeapAlloc
CloseHandle
Process32Next
Sleep
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
OutputDebugStringA
GetCurrentProcess
HeapFree
Process32First
DeleteFileA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
FileTimeToSystemTime
SetFileAttributesA
LoadResource
LockResource
FreeResource
FindResourceA
SizeofResource
GetLocalTime
DeleteCriticalSection
DecodePointer
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
HeapReAlloc
FlushFileBuffers
GetTimeZoneInformation
DeleteFileW
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
WinExec
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
CopyFileA
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetFileType
GetACP
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
QueryPerformanceFrequency
LoadLibraryExW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW

user32

GetSystemMetrics
GetDesktopWindow

advapi32

ChangeServiceConfig2A
RegEnumKeyExA
RegCreateKeyA
DeregisterEventSource
CreateServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
DeleteService
ControlService
StartServiceA
ReportEventA
RegisterEventSourceA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA

ole32

CLSIDFromProgID
CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

shlwapi

PathIsDirectoryA

wininet

InternetConnectA
HttpOpenRequestA
InternetReadFile
HttpEndRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetOptionA
HttpQueryInfoA
InternetWriteFile

Sections

.text
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be4aab2fb5cd36db72cfa50b61115daf

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wininet

Sections

.text Size: 493KB - Virtual size: 492KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 489KB - Virtual size: 488KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 493KB - Virtual size: 492KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 489KB - Virtual size: 488KB

.reloc
Size: 22KB - Virtual size: 21KB