gzdoom[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gzdoom.exe
Size

8.7MB
MD5

ece7a33221c7dbfd5467219aa749fee0
SHA1

c6a92bca1cbdad7a2826a7acbb58b7ae2209c3da
SHA256

da5d7958f3a320fe5c33d18c324e80b56ed0c69c7cb237108c45916f986a4a85
SHA512

5a0256fb354b616c963fde96a2ee72d4295a00d548dfe1fc1acc0485d91f125b6e8ca41e73f2b138a090c5bc302fbf5941d8c7817d2a66d408a82a3a1a4f380f
SSDEEP

98304:1xIXLuIbkBjMNIHFcdBTPIgnwopPBviU5/5SzLF:1xzIABjMNIH2BPIawoFBvN5/5SzB

Score

1^/10

Malware Config

Signatures

Files

gzdoom.exe
.exe windows x64

61e13760b0afc8957b1802128b196532

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
sendto
recvfrom
ntohl
inet_addr
ioctlsocket
htons
inet_ntoa
closesocket
bind

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

user32

ClientToScreen
ClipCursor
GetClassLongPtrW
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetRawInputDeviceInfoW
GetCursorPos
SendMessageW
RegisterClassW
CreateWindowExW
ShowWindow
MoveWindow
SetWindowPos
SetFocus
SetCursorPos
GetWindowRect
GetClientRect
GetMessageW
GetParent
GetActiveWindow
GetFocus
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
PostQuitMessage
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetKeyState
MapVirtualKeyW
SetCapture
ReleaseCapture
InvalidateRect
AdjustWindowRectEx
SetCursor
GetWindowLongW
GetRawInputData
GetForegroundWindow
CreateDialogParamW
ScreenToClient
SetWindowTextA
GetUpdateRect
EndPaint
BeginPaint
CallWindowProcW
SendMessageA
GetDesktopWindow
UnregisterClassW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
GetMonitorInfoA
IsZoomed
KillTimer
SetTimer
SetDlgItemTextW
DestroyWindow
CreateIconIndirect
DestroyCursor
SetClassLongPtrW
GetWindowTextW
GetAsyncKeyState
SendDlgItemMessageW
SetDlgItemTextA
EndDialog
DialogBoxParamW
EnumDisplaySettingsW
MapDialogRect
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
GetDlgItem
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
SetRect
FillRect
MessageBoxW
MessageBoxA
GetWindowTextLengthW
SetWindowTextW
ReleaseDC
GetDC
DrawIcon
GetSystemMetrics
RegisterRawInputDevices

gdi32

DPtoLP
GetObjectW
SetMapMode
SetBkColor
GetMapMode
BitBlt
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
CreateDIBSection
SetPixelV
Rectangle
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
TextOutW
GetTextMetricsW
SetTextAlign
SetTextColor
StretchDIBits
SetBkMode
SelectObject
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateFontIndirectW

comctl32

ord17

comdlg32

GetSaveFileNameW

dbghelp

SymGetSymFromAddr64
ImageNtHeader
SymInitialize
SymGetLineFromAddr64
SymCleanup

zmusic

ZMusic_GetMidiDevices
CreateDecoder
ChangeMusicSettingFloat
ZMusic_GetLastError
FindLoopTags
SoundDecoder_Close
ZMusic_FillStream
ZMusic_Start
ZMusic_Pause
ZMusic_Resume
ZMusic_Update
ZMusic_IsPlaying
ChangeMusicSettingInt
SoundDecoder_Read
ZMusic_OpenSong
SoundDecoder_GetInfo
ZMusic_Stop
ZMusic_Close
ZMusic_SetSubsong
ZMusic_IsLooping
ZMusic_IdentifyMIDIType
ZMusic_IsMIDI
ZMusic_GetStreamInfo
ZMusic_SetCallbacks
ZMusic_SetGenMidi
ZMusic_SetWgOpn
ZMusic_SetDmxGus
ZMusic_CreateMIDISource
ZMusic_MIDIDumpWave
ZMusic_VolumeChanged
ZMusic_WriteSMF
ZMusic_GetStats
ChangeMusicSettingString
ZMusic_GetADLBanks

kernel32

RtlUnwindEx
CreateTimerQueue
VirtualFree
VirtualProtect
VirtualAlloc
UnregisterWaitEx
ReleaseSemaphore
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
SetLastError
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetModuleHandleExW
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
GetACP
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
GetCommandLineA
ExitThread
HeapSize
CreateDirectoryW
GetFileAttributesExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
DeleteFileW
RemoveDirectoryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
SetStdHandle
FindFirstFileExW
RtlPcToFileHeader
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
SwitchToThread
WaitForSingleObjectEx
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetProcessHeap
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexW
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFreeEx
VirtualAllocEx
GetSystemInfo
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
GetLastError
SleepEx
GetCurrentProcess
SetPriorityClass
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
LoadLibraryW
RtlCaptureContext
GetStdHandle
GetCommandLineW
GetFileInformationByHandle
WriteFile
CloseHandle
DuplicateHandle
SetUnhandledExceptionFilter
HeapAlloc
Sleep
QueueUserAPC
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
MulDiv
AllocConsole
AttachConsole
SetConsoleMode
ReadConsoleW
FlushConsoleInputBuffer
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetVersionExW
LocalFree
GetProcessAffinityMask
SetThreadAffinityMask
FormatMessageA
GetNumaProcessorNode
WriteConsoleW
SetConsoleTextAttribute
GetEnvironmentVariableW
CreateFileW
GetFullPathNameW
RtlVirtualUnwind
GetFileSize
GetTempFileNameW
ReadFile
SetFilePointer
GetTempPathW
WaitForSingleObject
CreateThread
GetExitCodeThread
VirtualQuery
IsDebuggerPresent
RtlAddFunctionTable
RtlDeleteFunctionTable
RtlLookupFunctionEntry
HeapCreate
HeapReAlloc
HeapFree

shell32

ShellExecuteW
SHGetKnownFolderPath
ShellExecuteA

advapi32

RegCloseKey
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
GetUserNameW
RegOpenKeyExW

d3d9

Direct3DCreate9Ex

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 437KB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

creg
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

freg
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

areg
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yreg
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

greg
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61e13760b0afc8957b1802128b196532

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

ole32

user32

gdi32

comctl32

comdlg32

dbghelp

zmusic

kernel32

shell32

advapi32

d3d9

Exports

Exports

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 437KB - Virtual size: 9.9MB

.pdata Size: 253KB - Virtual size: 252KB

creg Size: 1024B - Virtual size: 936B

freg Size: 7KB - Virtual size: 7KB

areg Size: 8KB - Virtual size: 8KB

yreg Size: 1024B - Virtual size: 536B

greg Size: 1024B - Virtual size: 672B

_RDATA Size: 77KB - Virtual size: 76KB

.rsrc Size: 303KB - Virtual size: 303KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 437KB - Virtual size: 9.9MB

.pdata
Size: 253KB - Virtual size: 252KB

creg
Size: 1024B - Virtual size: 936B

freg
Size: 7KB - Virtual size: 7KB

areg
Size: 8KB - Virtual size: 8KB

yreg
Size: 1024B - Virtual size: 536B

greg
Size: 1024B - Virtual size: 672B

_RDATA
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 303KB - Virtual size: 303KB

.reloc
Size: 57KB - Virtual size: 56KB