golddragon | 1d30dfa5d8f21d1465409b207115ded6[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1d30dfa5d8f21d1465409b207115ded6.bin
Size

948KB
MD5

1d30dfa5d8f21d1465409b207115ded6
SHA1

942fd7b4ef1ccf7032a40acad975c7b5905c3c77
SHA256

ed0161f2a3337af5e27a84bea85fb4abe35654f5de22bcb8a503d537952b1e8a
SHA512

743b9e97336b07e3fde5511328488db212b1d7fac73152cef6253ddee1da3ee9764919eb2672caa0ffa258c79d37044f478afa6040d19ab822fc850e374fc646
SSDEEP

12288:Xk39Tm0nUOM1rlFZs4pw60ev9cdPw7lu73ATUUyLafJVtnMB8UltPh:CHUOM1hFZlZ9YPeu73AA6Jbne80

Score

10^/10

backdoor golddragon

Malware Config

Signatures

GoldDragon 2021 Stage1 backdoor 1 IoCs

Detect GoldDragon backdoor Stage 1.

backdoor

Processes:

resource	yara_rule
sample	golddragon_stage1

Golddragon family
golddragon

Files

1d30dfa5d8f21d1465409b207115ded6.bin
.dll windows x86

d7cf30779d8b58c19f625c8148399a98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

shlwapi

PathAppendW

Exports

Exports

Run

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bobo0
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bobo1
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7cf30779d8b58c19f625c8148399a98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 288B

.tls Size: 512B - Virtual size: 9B

.bobo0 Size: 466KB - Virtual size: 465KB

.bobo1 Size: 49KB - Virtual size: 48KB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 250KB - Virtual size: 249KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 288B

.tls
Size: 512B - Virtual size: 9B

.bobo0
Size: 466KB - Virtual size: 465KB

.bobo1
Size: 49KB - Virtual size: 48KB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 250KB - Virtual size: 249KB