Sample
gj112.exe
Resource
win10v2004-20220812-en
General
-
Target
gj112.exe
-
Size
2.3MB
-
MD5
2ab4f5a642d5d999c7ba47281a96f669
-
SHA1
c713bb8587fa363d6857e887e52035f2208c636b
-
SHA256
12d26a8eec67477070452dade0c125d9200fa9610a6c256b6addcd24c255807a
-
SHA512
33ebde4b75c88a1b28903113c2e8166f9a1faaf425ae51e719841cff0d55e33b3e3f14b30010b2b23311dd5ceb2ff294f4b6e2f0ffe2384f318445309ffe85da
-
SSDEEP
49152:ELhuQrJKiZW+PgEltG0q/XCWEp6kZw6DJvB:ELhRZjB
Malware Config
Signatures
Files
-
gj112.exe.exe windows x86
257241a1afac48a3bee074a527579d04
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
accept
bind
WSASetLastError
inet_addr
htons
htonl
listen
closesocket
recv
send
recvfrom
sendto
connect
socket
ntohs
getpeername
WSAStartup
WSACleanup
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
gethostname
gethostbyname
shutdown
inet_ntoa
log4netwrapper
??1CLog4netWrapper@@QAE@XZ
?Info@CLog4netWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetName@CLog4netWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CLog4netWrapper@@QAE@XZ
?Warn@CLog4netWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Error@CLog4netWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CLog4netWrapper@@QAE@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
??0CLog4netWrapper@@QAE@ABV0@@Z
?Debug@CLog4netWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
mfc90
ord5890
ord2566
ord2588
ord4202
ord6294
ord3414
ord3413
ord3034
ord641
ord4399
ord379
ord1709
ord3931
ord4727
ord5761
ord6802
ord2481
ord600
ord290
ord5851
ord1387
ord2372
ord3666
ord1102
ord3140
ord516
ord6333
ord522
ord301
ord5870
ord5963
ord5997
ord4280
ord5372
ord3726
ord825
ord1087
ord1061
ord3612
ord845
ord833
ord1228
ord3244
ord4644
ord2280
ord693
ord2590
ord484
ord4153
ord5670
ord4977
ord5482
ord333
ord6616
ord1699
ord4477
ord2480
ord2149
ord2084
ord1374
ord519
ord518
ord3997
ord3676
ord4396
ord6078
ord4527
ord3158
ord3148
ord2470
ord1220
ord1116
ord2505
ord3764
ord3830
ord3831
ord3796
ord3935
ord2595
ord5877
ord2484
ord5869
ord6074
ord554
ord3663
ord758
ord613
ord337
ord2497
ord1039
ord2097
ord744
ord524
ord1174
ord2537
ord296
ord5109
ord1681
ord5327
ord3815
ord677
ord686
ord2100
ord4642
ord1685
ord1771
ord2278
ord436
ord1691
ord663
ord6793
ord403
ord1265
ord1555
ord5753
ord320
ord712
ord6114
ord3580
ord3856
ord1272
ord486
ord819
ord1065
ord6595
ord4507
ord4506
ord6479
ord3377
ord6408
ord4760
ord2364
ord2587
ord1357
ord367
ord2143
ord636
ord1500
ord6153
ord4305
ord580
ord5892
ord1041
ord6121
ord3648
ord5307
ord3730
ord942
ord4392
ord6148
ord6615
ord5063
ord4706
ord4656
ord5598
ord4970
ord5339
ord2445
ord2079
ord2855
ord5432
ord5435
ord4716
ord4539
ord3224
ord3221
ord464
ord3222
ord6361
ord978
ord5786
ord3278
ord2646
ord2645
ord1684
ord4330
ord5581
ord2369
ord1384
ord4683
ord6355
ord3217
ord4671
ord3994
ord3808
ord4281
ord6432
ord3422
ord1746
ord3940
ord2638
ord2639
ord2642
ord2641
ord2640
ord4337
ord5001
ord3993
ord4095
ord4851
ord4850
ord5209
ord4608
ord5199
ord4795
ord4575
ord4582
ord5194
ord4793
ord4808
ord4806
ord4788
ord4791
ord4786
ord5281
ord5278
ord4364
ord3345
ord6390
ord5584
ord5637
ord3670
ord1444
ord5607
ord1683
ord4679
ord413
ord669
ord3807
ord3949
ord5926
ord2950
ord2948
ord3525
ord400
ord2547
ord579
ord780
ord5528
ord5776
ord6339
ord6815
ord1568
ord2896
ord4384
ord3629
ord4529
ord6241
ord6048
ord3738
ord4979
ord2854
ord2862
ord6742
ord2204
ord2239
ord5589
ord6027
ord1466
ord5844
ord3004
ord5928
ord4663
ord5270
ord5156
ord2090
ord4627
ord3331
ord3030
ord6419
ord6533
ord4891
ord4670
ord3991
ord6680
ord5646
ord2447
ord406
ord2490
ord665
ord6170
ord1098
ord1155
ord1186
ord6462
ord570
ord994
ord341
ord5552
ord5658
ord617
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord6001
ord3110
ord4890
ord3659
ord589
ord793
ord4882
ord4878
ord4875
ord4029
ord265
ord781
ord1219
ord5750
ord1247
ord311
ord307
ord1280
ord6791
ord2691
ord1062
ord3554
ord1252
ord2698
ord405
ord2209
ord5835
ord3390
ord2692
ord664
ord766
ord1042
ord6188
ord2721
ord581
ord782
ord3479
ord941
ord4481
ord945
ord1868
ord4030
ord5842
ord485
ord1760
ord1492
ord6771
ord2105
ord1605
ord4497
ord2279
ord1698
ord4643
ord3553
ord2069
ord1108
ord1358
ord2106
ord1183
ord3477
ord2672
ord692
ord1137
ord1603
ord2904
ord899
ord2082
ord4502
ord4116
ord4311
ord6291
ord6584
ord1037
ord6359
ord841
ord1935
ord1943
ord2050
ord1922
ord615
ord4993
ord2208
ord5636
ord374
ord639
ord4252
ord6327
ord6335
ord3056
ord4248
ord2899
ord3783
ord798
ord4431
ord306
ord1320
ord1321
ord1607
ord6676
ord6682
ord6670
ord595
ord796
ord2592
ord1144
ord3213
ord305
ord6613
ord1611
ord300
ord266
ord3157
ord4031
ord2539
ord5924
ord6740
ord2327
ord3178
ord910
ord6257
ord6559
ord2360
ord6530
ord1490
ord1938
ord2057
ord1944
ord316
ord820
ord611
ord633
ord777
ord654
ord3506
ord1677
ord3502
ord3519
ord2103
ord1604
ord4496
ord2277
ord1670
ord4640
ord3487
ord2274
ord1668
ord4638
ord3480
ord2283
ord1720
ord3346
ord6391
ord1497
ord4646
ord5647
ord3277
ord4667
ord3643
ord3528
ord3534
ord3987
ord5615
ord4617
ord5152
ord5309
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
msvcr90
atol
_purecall
_CIfmod
exit
strncpy
__RTDynamicCast
_mbstok_s
rand
_encoded_null
__FrameUnwindFilter
__CxxQueryExceptionSize
_decode_pointer
srand
sprintf
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_mbsicmp
_mbscmp
memcpy_s
sprintf_s
_mbctoupper
__CxxFrameHandler3
_mbctolower
sscanf_s
strftime
strcpy_s
atof
_fcvt_s
_atoi64
wcsncpy_s
memcpy
strcmp
free
malloc
_resetstkoflw
floor
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_setmbcp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
atoi
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
_initterm
_acmdln
_ismbblead
_onexit
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
strtod
ceil
_localtime64_s
_time64
?what@exception@std@@UBEPBDXZ
memset
modf
_XcptFilter
__CxxExceptionFilter
kernel32
GetCurrencyFormatA
GetNumberFormatA
GetUserDefaultLCID
SetLocaleInfoA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetComputerNameA
CreateFileA
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
lstrcatA
IsDBCSLeadByte
ReleaseMutex
SetFilePointer
WriteFile
FindResourceA
LoadResource
LockResource
FreeResource
LocalAlloc
LocalFree
InterlockedIncrement
FormatMessageA
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DeleteFileA
CreateDirectoryA
InterlockedDecrement
CreateMutexA
GetModuleFileNameA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
lstrcmpiA
GetCurrentProcess
SetSystemTime
GetExitCodeThread
SetCommTimeouts
GetCommTimeouts
ReadFile
SetCommState
GetCommState
CompareStringA
Sleep
GetVersionExA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentDirectoryA
GetSystemTime
GetLastError
WaitForMultipleObjects
ResetEvent
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
SetEvent
CreateEventA
GetSystemDirectoryA
CreateProcessA
WaitForSingleObject
CloseHandle
GetExitCodeProcess
Beep
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
user32
DeleteMenu
GetMessagePos
InflateRect
DrawFrameControl
FindWindowExA
LoadCursorA
SetForegroundWindow
BringWindowToTop
ShowWindow
CloseClipboard
SetCapture
ReleaseCapture
DispatchMessageA
TranslateMessage
GetCursorPos
DestroyIcon
CreateIconFromResourceEx
RedrawWindow
CallWindowProcA
GetDC
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
TrackPopupMenu
MessageBeep
GetMenuItemCount
IsWindow
GetWindowLongA
SetWindowLongA
GetParent
LoadImageA
ExitWindowsEx
GetFocus
GetSysColor
OemKeyScan
IsWindowVisible
RegisterWindowMessageA
GetDesktopWindow
EnableWindow
SendMessageA
InvalidateRect
LoadBitmapA
SetTimer
KillTimer
wsprintfA
MessageBoxA
PostMessageA
LoadIconA
SetWindowsHookExA
ShowCursor
UnhookWindowsHookEx
CallNextHookEx
GetWindowRect
UpdateWindow
EnableMenuItem
InsertMenuA
ScreenToClient
DrawFocusRect
FrameRect
DestroyMenu
CreatePopupMenu
AppendMenuA
OffsetRect
PtInRect
CopyRect
GetDlgItem
DestroyAcceleratorTable
CopyAcceleratorTableA
CreateAcceleratorTableA
GetClassNameA
TranslateAcceleratorA
PostThreadMessageA
GetWindow
GetNextDlgGroupItem
ReleaseDC
IsWindowEnabled
GetClientRect
GetKeyState
FillRect
GetWindowPlacement
GetLastActivePopup
gdi32
GetStockObject
BitBlt
CreateCompatibleBitmap
GetCurrentObject
GetTextExtentPoint32A
GetTextColor
CreateFontIndirectA
CreatePen
CreateCompatibleDC
GetObjectA
GetBitmapBits
CreateBitmapIndirect
SelectObject
StretchDIBits
DeleteObject
CreateSolidBrush
SetBkColor
comdlg32
GetSaveFileNameA
advapi32
RegDeleteKeyA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
shell32
SHGetFolderPathA
comctl32
ImageList_DrawEx
shlwapi
SHDeleteKeyA
SHCopyKeyA
ole32
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
oleaut32
GetErrorInfo
VarI4FromStr
SysStringLen
SafeArrayDestroyData
GetActiveObject
SafeArrayGetElement
VarR8FromDec
VarR8FromCy
SafeArrayGetUBound
SafeArrayRedim
SafeArrayPutElement
VariantCopy
VariantInit
SysAllocString
VariantClear
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUdateFromDate
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarDateFromStr
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
toolkitpro1122vc90
?LoadSkin@CXTPSkinManager@@QAEHPBD0@Z
?PreTranslateMessage@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHPAUtagMSG@@@Z
?OnSetPreviewMode@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEXHPAUCPrintPreviewState@@@Z
?LoadFrame@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEHIKPAVCWnd@@PAUCCreateContext@@@Z
?OnWndMsg@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHIIJPAJ@Z
??0CXTPFrameWnd@@QAE@XZ
?XTPSkinManager@@YAPAVCXTPSkinManager@@XZ
?SetApplyOptions@CXTPSkinManager@@QAEXK@Z
??1CXTPFrameWnd@@UAE@XZ
??0CXTPTaskDialog@@QAE@PAVCWnd@@@Z
?SetWindowTitle@CXTPTaskDialog@@QAEXPBD@Z
?SetCommonButtons@CXTPTaskDialog@@QAEXH@Z
?SetMainInstruction@CXTPTaskDialog@@QAEHPBD@Z
?SetFooter@CXTPTaskDialog@@QAEHPBD@Z
?SetFooterIcon@CXTPTaskDialog@@QAEHPB_W@Z
?SetContent@CXTPTaskDialog@@QAEHPBD@Z
?SetMainIcon@CXTPTaskDialog@@QAEHPB_W@Z
?EnableMessageBoxStyle@CXTPTaskDialog@@QAEXH@Z
?EnableCommandLinks@CXTPTaskDialog@@QAEXHH@Z
?DoModal@CXTPTaskDialog@@QAEHH@Z
??1CXTPTaskDialog@@UAE@XZ
??0CXTPWinDwmWrapper@@QAE@XZ
?SetProcessDPIAware@CXTPWinDwmWrapper@@QAEXXZ
??1CXTPWinDwmWrapper@@QAE@XZ
?AddButton@CXTPTaskDialog@@QAEXPBDH@Z
msvcp90
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
ibfs32
TMEndSession
TMNext
TMRom
TMFirst
TMSetup
TMExtendedStartSession
TMTouchByte
winspool.drv
EnumPrintersA
msvcm90
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
mscoree
_CorExeMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 814KB - Virtual size: 813KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 338KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 367KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ