Gupax[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gupax.exe
Size

19.0MB
MD5

880bb7d34febb354a45e3f48c7e6a4ea
SHA1

cd61f522822f90eb5c8a304ac8826c6fe5b5c7aa
SHA256

369eb0b02bc28f9acaffc4d77ad8aa4c75d2ccc5713348a71b680f49f3114e07
SHA512

1477a7bf24d9a7480bcdf7538ad6134a4fb3cf2cabacde0548d431d177b502f7ab54fba6c3c8762a064c8cef6c84a6fd87c10b0280c48e0daf500d8650da27f1
SSDEEP

98304:XGSHNBXcBbi5hlpj6ngoynV0xRO+KqT1OIEPMVJB8O+pOqoIKMmhlNy51+Bm27aE:J35WMsT7nlqS09mY23xN

Score

1^/10

Malware Config

Signatures

Files

Gupax.exe
.exe windows x64

18c0c773263001985f894a892d8a6a06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetThreadErrorMode
GlobalFree
GlobalUnlock
RtlCaptureContext
GetCurrentThread
RtlLookupFunctionEntry
ReleaseMutex
GetProcAddress
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetFileInformationByHandleEx
GetConsoleMode
GetStdHandle
TryAcquireSRWLockShared
UnmapViewOfFile
CreateFileW
SetThreadStackGuarantee
AddVectoredExceptionHandler
CreateDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
GetCurrentProcessId
GetDiskFreeSpaceExW
DeleteFileW
GetSystemInfo
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
FindClose
IsDebuggerPresent
RemoveVectoredExceptionHandler
FreeLibrary
GetModuleHandleW
TryAcquireSRWLockExclusive
TerminateProcess
GlobalLock
GlobalSize
SleepEx
WriteFileEx
GetExitCodeProcess
MultiByteToWideChar
GlobalAlloc
WaitForSingleObject
GlobalMemoryStatusEx
GetFileType
GetNamedPipeInfo
QueryPerformanceFrequency
ReadFile
Sleep
WriteFile
DeviceIoControl
LocalAlloc
CreateEventW
UnlockFileEx
lstrlenW
SetEndOfFile
LockFileEx
RtlUnwindEx
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
GetQueuedCompletionStatusEx
RaiseException
CreateIoCompletionPort
SetFileCompletionNotificationModes
SwitchToThread
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
DuplicateHandle
GetProcessId
SetErrorMode
SetLastError
LoadLibraryW
EncodePointer
WakeConditionVariable
GetTickCount64
CloseHandle
WriteConsoleW
GetCurrentDirectoryW
GetEnvironmentVariableW
FormatMessageW
GetModuleFileNameW
SetFilePointerEx
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
FindFirstFileW
ReleaseSRWLockShared
AcquireSRWLockShared
GetLastError
QueryPerformanceCounter
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
CreateNamedPipeW
CreateThread
ReadFileEx
LocalFree
InitializeCriticalSectionAndSpinCount
ExitProcess
GetSystemTimeAsFileTime
MoveFileExW
SetFileInformationByHandle
SetHandleInformation
TlsAlloc
LoadLibraryExW
SetFilePointer
TlsGetValue
HeapReAlloc
GetCurrentThreadId
TlsSetValue
HeapFree
HeapAlloc
GetProcessTimes
OpenProcess
DeleteCriticalSection
ReadProcessMemory
GetProcessHeap
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetConsoleMode
AreFileApisANSI
PostQueuedCompletionStatus
CreateFileMappingW
MapViewOfFile
VirtualProtect
HeapCreate
CreateEventA
ReleaseSRWLockExclusive
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
GetTempPathW
CreateMutexW
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
AcquireSRWLockExclusive
DeleteFileA
HeapCompact
HeapDestroy
UnlockFile
GetFileSize
SystemTimeToFileTime
WideCharToMultiByte
FlushFileBuffers
GetTickCount
FormatMessageA
GetSystemTime
TlsFree

crypt32

CertVerifyCertificateChainPolicy
CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext

secur32

DeleteSecurityContext
DecryptMessage
ApplyControlToken
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextW
QueryContextAttributesW
FreeCredentialsHandle

ws2_32

getsockopt
connect
bind
WSAIoctl
ioctlsocket
WSASocketW
getsockname
WSAStartup
closesocket
WSACleanup
getpeername
getaddrinfo
send
recv
WSASend
socket
WSAGetLastError
setsockopt
shutdown
freeaddrinfo

ole32

CoInitializeSecurity
RevokeDragDrop
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
RegisterDragDrop
CoCreateInstance
OleInitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHCreateItemFromParsingName
ShellExecuteW
DragFinish
DragQueryFileW

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidW
SystemFunction036

user32

GetMenu
AdjustWindowRectEx
ClientToScreen
SystemParametersInfoA
GetKeyState
ToUnicodeEx
ShowWindow
SendMessageW
SetWindowLongW
GetMessageW
SetClipboardData
EmptyClipboard
GetKeyboardLayout
DestroyIcon
GetClipboardData
IsClipboardFormatAvailable
GetKeyboardState
SetCursor
LoadCursorW
MonitorFromRect
CloseTouchInputHandle
GetTouchInputInfo
MapVirtualKeyA
TrackMouseEvent
SetCapture
ScreenToClient
GetActiveWindow
IsProcessDPIAware
GetClipCursor
RegisterWindowMessageA
GetDC
RegisterTouchWindow
GetSystemMetrics
SetForegroundWindow
SendInput
MapVirtualKeyW
TranslateMessage
MsgWaitForMultipleObjectsEx
DispatchMessageW
GetUpdateRect
PostThreadMessageW
ValidateRect
GetRawInputData
DefWindowProcW
GetWindowLongPtrW
DestroyWindow
RegisterRawInputDevices
SetWindowLongPtrW
RedrawWindow
CreateWindowExW
RegisterClassExW
CreateIcon
MonitorFromWindow
SetWindowPlacement
GetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
GetMonitorInfoW
InvalidateRgn
SetWindowPos
GetWindowRect
ReleaseCapture
GetCursorPos
SetWindowTextW
PostMessageW
GetClientRect
GetWindowLongW
ClipCursor
CloseClipboard
OpenClipboard
ShowCursor

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmAssociateContextEx
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmGetCompositionStringW

ntdll

NtQuerySystemInformation
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetVersion
NtDeviceIoControlFile
NtCreateFile

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
VariantClear
SysAllocString

iphlpapi

GetIfEntry2

powrprof

CallNtPowerInformation

d3dcompiler_47

D3DCompile

uxtheme

SetWindowTheme

psapi

GetModuleFileNameExW
GetPerformanceInfo

api-ms-win-crt-math-l1-1-0

roundf
round
__setusermatherr
truncf
log
exp2
sin
cos
powf
_hypotf
ceilf
floorf
expf
floor
trunc
exp2f
atan2f
log10
ceil
pow
cbrtf
sinf
cosf
acosf
fmod

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
strcspn
strncmp
wcslen
strlen
strcmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_msize
free
realloc
calloc
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_wassert
_register_onexit_function
abort
_initialize_onexit_table
_initterm_e
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
exit
_endthreadex
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18c0c773263001985f894a892d8a6a06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

secur32

ws2_32

ole32

shell32

pdh

bcrypt

advapi32

user32

winmm

gdi32

dwmapi

imm32

ntdll

oleaut32

iphlpapi

powrprof

d3dcompiler_47

uxtheme

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13.1MB - Virtual size: 13.1MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 26KB - Virtual size: 30KB

.pdata Size: 455KB - Virtual size: 454KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 265KB - Virtual size: 265KB

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 13.1MB - Virtual size: 13.1MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 26KB - Virtual size: 30KB

.pdata
Size: 455KB - Virtual size: 454KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 265KB - Virtual size: 265KB

.reloc
Size: 58KB - Virtual size: 57KB