_gekkko@8
Static task
static1
Behavioral task
behavioral1
Sample
814081a9bfb3231b1c007488e7fb6c720586483f35330742bf3049e90398b85b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
814081a9bfb3231b1c007488e7fb6c720586483f35330742bf3049e90398b85b.exe
Resource
win10v2004-20220414-en
General
Target: 814081a9bfb3231b1c007488e7fb6c720586483f35330742bf3049e90398b85b
Size: 376KB
MD5: b159b0ad1bf4638eef29031b66dfdfe9
SHA1: e81d45d019c20e3d256844f1b234350e5e4a7855
SHA256: 814081a9bfb3231b1c007488e7fb6c720586483f35330742bf3049e90398b85b
SHA512: 41351db0bd767270b40a83ab4c32910eac4d9192edeca0b2c460439228f6325296f70dfcacb8d776ce1456d0549cc19227eba4c6bb22d53cfa964a3989d4f7d5
SSDEEP: 6144:PcQQI3PeXNmBRfCjqucau8zAk0oQCebEBWh58tv499V8tBfMK7YND710/6EP2LCi:aI/dBRfCUQAk0oKbN5mWVqMKMetP2G4X
Malware Config
Signatures
Files
814081a9bfb3231b1c007488e7fb6c720586483f35330742bf3049e90398b85b.exe windows x86
2265ec7636cfff497e81814d185239e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalMemoryStatus
SetFilePointer
TlsGetValue
LoadResource
GetProfileSectionA
CancelWaitableTimer
SetComputerNameW
GetComputerNameW
ConnectNamedPipe
_lclose
SetTapeParameters
CreateNamedPipeW
GetProcessHeap
GetSystemTimeAsFileTime
FindActCtxSectionStringA
SetProcessPriorityBoost
ActivateActCtx
FindResourceExA
GlobalAlloc
GetPrivateProfileIntA
LoadLibraryW
LocalShrink
GetConsoleMode
GetPrivateProfileStructW
GetFileAttributesA
WritePrivateProfileStructW
VerifyVersionInfoA
lstrcatA
GetACP
GetThreadContext
lstrlenW
RaiseException
ReleaseActCtx
GetLastError
IsDBCSLeadByteEx
GetCurrentDirectoryW
GetProcAddress
IsValidCodePage
CopyFileA
GetLocalTime
LoadLibraryA
CreateSemaphoreW
UnhandledExceptionFilter
BuildCommDCBAndTimeoutsW
AddAtomW
VirtualLock
GetSystemInfo
SetEnvironmentVariableA
SetConsoleCursorInfo
WaitCommEvent
ContinueDebugEvent
FreeEnvironmentStringsW
CompareStringA
CloseHandle
AreFileApisANSI
lstrcpyA
WriteConsoleW
FlushFileBuffers
ExitThread
ExitProcess
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
RtlUnwind
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
FatalAppExitA
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetCurrentThread
GetFileType
CreateFileA
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapSize
MultiByteToWideChar
ReadFile
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
GetConsoleCP
SetEndOfFile
FreeLibrary
LCMapStringW
CreateFileW
user32
GetCursorPos
advapi32
SetThreadToken
Exports
Sections
.text Size: 322KB - Virtual size: 322KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 739KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ