GddTxs[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GddTxs.zip
Size

567KB
MD5

c0392b365b747a35ed36c018e404a8a1
SHA1

60e23b7bc4ce991fc7b459fa01db497b0b6878d5
SHA256

4f82f7df472ccb0bd7aedbca1639049c132f5caa50938ef947f58321fd740eed
SHA512

e57de9aa7fd6f1084655b6f4d5b236674810c3596254e648f487eb3b46a4385726883bc8d86b97f0e8441f69729bd4a270cbd89861006b4177692650c5563148
SSDEEP

12288:laM6RHLxPSgYs1LQJbPgKOEen8XffYdv/2fxxm3/qpuag:wxQsEbPlOEen8X++flgag

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/package/glib-2.0-0.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/package/glib-2.0-0.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/package/fdafvad.fdafad
unpack001/package/glib-2.0-0.dll
unpack001/package/libgcc_s_dw2-1.dll

Files

GddTxs.zip
.zip
package/fdafvad.fdafad
.exe windows x86

f9213ba4093cc8b0bf43f34d68c899a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

glib-2.0-0

g_assertion_message_expr
g_malloc

kernel32

DuplicateHandle
ExitProcess
GetCommandLineA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetStartupInfoA
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

_close
_dup2
_open
_read
_write
__getmainargs
__p___argc
__p___argv
__p__environ
__p__fmode
__set_app_type
__wgetmainargs
_assert
_cexit
_errno
_exit
_get_osfhandle
_iob
_onexit
_open_osfhandle
_setmode
_wchdir
_wspawnv
_wspawnvp
atexit
atoi
memcpy
signal
strlen

libgcc_s_dw2-1

__deregister_frame_info
__register_frame_info

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 116B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
package/glib-2.0-0.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

g_assertion_message_expr
g_malloc

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
package/libgcc_s_dw2-1.dll
.dll windows x86

080e3868e0f94f7338a610f8f8cf004e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
memset
realloc
strlen
vfprintf

Exports

Exports

_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_Find_FDE
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__addtf3
__addvdi3
__addvsi3
__ashldi3
__ashrdi3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbsi2
__clzdi2
__clzsi2
__cmpdi2
__ctzdi2
__ctzsi2
__deregister_frame
__deregister_frame_info
__deregister_frame_info_bases
__divdc3
__divdi3
__divsc3
__divtc3
__divtf3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffssi2
__fixdfdi
__fixsfdi
__fixtfdi
__fixtfsi
__fixunsdfdi
__fixunsdfsi
__fixunssfdi
__fixunssfsi
__fixunstfdi
__fixunstfsi
__fixunsxfdi
__fixunsxfsi
__fixxfdi
__floatdidf
__floatdisf
__floatditf
__floatdixf
__floatsitf
__floatundidf
__floatundisf
__floatunditf
__floatundixf
__floatunsitf
__gcc_personality_v0
__getf2
__gttf2
__letf2
__lshrdi3
__lttf2
__moddi3
__muldc3
__muldi3
__mulsc3
__multc3
__multf3
__mulvdi3
__mulvsi3
__mulxc3
__negdi2
__negtf2
__negvdi2
__negvsi2
__netf2
__paritydi2
__paritysi2
__popcountdi2
__popcountsi2
__powidf2
__powisf2
__powitf2
__powixf2
__register_frame
__register_frame_info
__register_frame_info_bases
__register_frame_info_table
__register_frame_info_table_bases
__register_frame_table
__subtf3
__subvdi3
__subvsi3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpdi2
__udivdi3
__udivmoddi4
__umoddi3
__unordtf2

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 188B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
txtCode/out.bin

Sharing

General

Malware Config

Signatures

Files

f9213ba4093cc8b0bf43f34d68c899a1

Headers

File Characteristics

Imports

glib-2.0-0

kernel32

msvcrt

libgcc_s_dw2-1

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 16B

.rdata Size: 512B - Virtual size: 304B

/4 Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 116B

.idata Size: 1KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 168KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 1024B - Virtual size: 4KB

080e3868e0f94f7338a610f8f8cf004e

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 512B - Virtual size: 36B

.rdata Size: 5KB - Virtual size: 4KB

/4 Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 188B

.edata Size: 3KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 304B

/4
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 116B

.idata
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 168KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 5KB - Virtual size: 4KB

/4
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 188B

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 1KB