GUM[.]EXE | Triage

Submit
Reports

Overview

overview

Static

static

GUM.exe

windows7-x64

GUM.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

GUM.exe

Resource

win7-20220718-en

xpertrat evasion persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

GUM.exe

Resource

win10v2004-20220721-en

xpertrat collection evasion persistence rat trojan

windows10-2004-x64

14 signatures

150 seconds

General

Target

GUM.EXE
Size

172KB
MD5

81912e3dd162ce7c96114a84d0d58b29
SHA1

2def8b1c48c9e550f57c9dab915c5232a7113d57
SHA256

f91cf396d6cc0e3803aa25fd0770e9a252196ae616e032e4880668c8ded74dc0
SHA512

893b3c4483d0a307cad24c73fce27bc4e02438439fc5b07d596146bdb92767e53e60642ff6264ce80891b10c0a7f2a3f5b397560a47ee6e1244d6e5e9a80f341
SSDEEP

3072:rNWDB5oIO1909/zdAAyvjFOp1WXNWGA7bulniw4wqPQy95j5VnGGFr5HYnjM:rIB5odw1z3yvYv8WX7K4wqYCVjnGGFrH

Score

N/A

Malware Config

Signatures

Files

GUM.EXE
.exe windows x86

a5db5a466a58a88fc36a0259818100cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord669
ord598
ord631
EVENT_SINK_AddRef
ord527
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord717
ProcCallEngine
ord644
ord645
ord100
ord616

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy