gandball
Static task: static1
Behavioral task: behavioral1
Sample: 1949e1a48df5ec684a0fc0f6bd3ee4119a29954b356cd17bfd7a1bc4daaf7216.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1949e1a48df5ec684a0fc0f6bd3ee4119a29954b356cd17bfd7a1bc4daaf7216.exe
Resource: win10v2004-20220414-en
General
- Target: 1949e1a48df5ec684a0fc0f6bd3ee4119a29954b356cd17bfd7a1bc4daaf7216
- Size: 3.8MB
- MD5: b6cbd52f048d0b356f1b67ff2e783860
- SHA1: 2539e01b0d761b64c4a74da6a2ebe2da85e68214
- SHA256: 1949e1a48df5ec684a0fc0f6bd3ee4119a29954b356cd17bfd7a1bc4daaf7216
- SHA512: 2b0072427aef5d3ee5a0411309f018b2c6c4b126c6eb2a4f1d996a6e7ced5e8849558a3a6bdce45b41b9c2f98378a610cb8ea24dba5e76edc2756a39340ec2a8
- SSDEEP: 98304:QteYKJFbCL1i0KuctvVDDtG89hdrKbLS1/3vcIPpLhxJnAWu:Qz84ic8C8VmbC3vVJnD
Malware Config
Signatures
Files
-
1949e1a48df5ec684a0fc0f6bd3ee4119a29954b356cd17bfd7a1bc4daaf7216.exe windows x86
011bd7fe935be769d1a6051ae62668e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
WriteFile
GetUserDefaultLangID
TlsSetValue
OpenProcess
GetExitCodeProcess
lstrlenW
ReplaceFileA
GetSystemDefaultLCID
GetLastError
GetProcAddress
VirtualProtect
GetCurrentProcessId
UnregisterWaitEx
OpenFileMappingA
CreateHardLinkA
GlobalLock
LoadResource
GetNumberOfConsoleInputEvents
GlobalCompact
GlobalFix
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwind
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
advapi32
AddAccessAllowedAce
SetServiceStatus
SetServiceObjectSecurity
Exports
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 30.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ