_gekkko@8
Static task
static1
Behavioral task
behavioral1
Sample
893e3007917cabb488406223f2c36c4556721e36ebfa9b0a57183ca01e48045e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
893e3007917cabb488406223f2c36c4556721e36ebfa9b0a57183ca01e48045e.exe
Resource
win10v2004-20220414-en
General
Target: 893e3007917cabb488406223f2c36c4556721e36ebfa9b0a57183ca01e48045e
Size: 237KB
MD5: eff41fc132a136f18e929fd2dbbc6f0c
SHA1: 8172ddc7def1ff008a7b67b691f898d48141efa3
SHA256: 893e3007917cabb488406223f2c36c4556721e36ebfa9b0a57183ca01e48045e
SHA512: 45b54cb98d91abefa58b2f5e84c16ef07faa4e4673842b33aa071fb6236fb22dc52d961d5738e0160857f755460b61321ae64abe9e9a0a5f0138ae2e88890985
SSDEEP: 6144:gDLyDucOlhYYsiPir9ATmCQ9Ga/t9N+A:gDWDucOlVs9Lh/n4
Malware Config
Signatures
Files
893e3007917cabb488406223f2c36c4556721e36ebfa9b0a57183ca01e48045e.exe windows x86
d410f6bccfd5fbd595d4ceec25054b24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetThreadContext
OpenFile
WritePrivateProfileStructA
TlsGetValue
FindResourceExW
BuildCommDCBAndTimeoutsA
LoadResource
InterlockedIncrement
GetProfileStringW
GetComputerNameW
OpenSemaphoreA
_lclose
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
ActivateActCtx
GlobalAlloc
GetPrivateProfileIntA
LoadLibraryW
GetConsoleMode
GetVersionExW
GetFileAttributesA
lstrcatA
GetACP
ExitThread
lstrlenW
DisconnectNamedPipe
VirtualUnlock
DeactivateActCtx
GetLastError
GetProcAddress
CreateNamedPipeA
IsValidCodePage
SearchPathA
GetLocalTime
LoadLibraryA
LocalAlloc
AddAtomA
GetPrivateProfileStructA
GetTapeParameters
WriteProfileStringA
SetConsoleCursorInfo
FreeEnvironmentStringsW
VirtualProtect
CompareStringA
ScrollConsoleScreenBufferA
DebugBreak
FindActCtxSectionStringW
LocalFree
CopyFileExA
AreFileApisANSI
lstrcpyA
GetModuleHandleA
GetStartupInfoW
HeapAlloc
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetOEMCP
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
RaiseException
user32
GetCursorPos
Exports
Sections
.text Size: 206KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 733KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ