GeodeInstaller-win[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GeodeInstaller-win.exe
Size

6.6MB
MD5

c2d886e17fe94b343f9a303dbb32399f
SHA1

7642a5fb3e7cddd9425e93401b87c843dbc3a596
SHA256

df8e12de97f4aaedfa88e14f9ec05da543b18dac1b5d33a331d67ced04b9fe01
SHA512

300eb5ddec6c50f3d4d46e013dfd76e3f7b09e41ff588a7cd40c25c3645fc965cd083da825909e921ffa1d9d89d74f8b6d3b487f98ceada31bad466067ec3f0a
SSDEEP

49152:QVx8m7w/fwlDNfJzCDoxqFyHeFe1VThjePJkXv/Ml9ZQVk1BeqqIeEswbi14PZUN:C8mPJePcw96qb9+Elp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GeodeInstaller-win.exe

Files

GeodeInstaller-win.exe
.exe windows x64

439f42b3fe3fda899d6c937452fe510c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlVirtualUnwind
NtCancelIoFileEx

opengl32

wglShareLists
wglCreateContext
wglGetProcAddress
wglGetCurrentDC
wglMakeCurrent
wglDeleteContext
wglGetCurrentContext

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

gdi32

GetPixelFormat
CreateRectRgn
DeleteObject
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetDeviceCaps
SwapBuffers

kernel32

WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
SleepConditionVariableSRW
SetHandleInformation
GetCurrentProcessId
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleHandleW
LoadLibraryExW
GetLastError
FreeLibrary
SetThreadErrorMode
Sleep
FormatMessageW
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
GetSystemInfo
CreateFileMappingW
MapViewOfFile
VirtualProtect
UnmapViewOfFile
LoadLibraryA
GetModuleHandleA
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetFileInformationByHandle
DuplicateHandle
CreateDirectoryW
GetStdHandle
WaitForSingleObject
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetFullPathNameW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
RegisterDragDrop
OleInitialize
RevokeDragDrop

shell32

DragQueryFileW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragFinish

user32

SetWindowLongW
SystemParametersInfoA
ToUnicodeEx
GetKeyboardLayout
ShowWindow
GetWindowLongW
AdjustWindowRectEx
GetMenu
PostMessageW
SetWindowLongPtrW
ValidateRect
RedrawWindow
DefWindowProcW
PostThreadMessageW
PeekMessageW
GetUpdateRect
GetCursorPos
ReleaseCapture
IsWindowVisible
ScreenToClient
DestroyWindow
TrackMouseEvent
GetTouchInputInfo
CloseTouchInputHandle
MonitorFromWindow
MonitorFromRect
GetMonitorInfoW
SetWindowPos
LoadCursorW
SetCursor
TranslateMessage
DispatchMessageW
GetWindowLongPtrW
InvalidateRgn
GetDC
GetSystemMetrics
RegisterTouchWindow
RegisterClassExW
CreateWindowExW
GetClientRect
MapVirtualKeyA
GetMessageW
ChangeDisplaySettingsExW
GetWindowPlacement
SetWindowPlacement
GetClassNameW
GetClassInfoExW
OpenClipboard
CloseClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
RegisterWindowMessageA
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetCapture
GetRawInputData
DestroyIcon
SendMessageW
ClientToScreen
GetWindowRect
ShowCursor
GetClipCursor
ClipCursor
GetActiveWindow
IsProcessDPIAware
MonitorFromPoint
SetWindowTextW
MapVirtualKeyW
SendInput
SetForegroundWindow
GetKeyState
GetKeyboardState

ws2_32

getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
closesocket
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getsockopt

dwmapi

DwmEnableBlurBehindWindow

secur32

AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
DeleteSecurityContext
ApplyControlToken
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod

uxtheme

SetWindowTheme

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContextEx
ImmGetCompositionStringW

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

vcruntime140

_CxxThrowException
memcmp
memcpy
memset
memmove
__CxxFrameHandler3
__current_exception_context
__C_specific_handler
__current_exception

api-ms-win-crt-math-l1-1-0

floor
roundf
_hypotf
tan
_hypot
fmod
__setusermatherr
log2
trunc
acosf
acos
fmodf
cosf
sin
cos
pow
ceil
round
ceilf
powf
atan2
floorf
truncf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_exit
_register_onexit_function
_initialize_narrow_environment
_crt_atexit
strerror
exit
_seh_filter_exe
_initterm_e
terminate
_initterm
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_configure_narrow_argv
_get_initial_narrow_environment
_c_exit
_set_app_type
__p___argv
_cexit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439f42b3fe3fda899d6c937452fe510c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

opengl32

advapi32

gdi32

kernel32

ole32

shell32

user32

ws2_32

dwmapi

secur32

crypt32

winmm

uxtheme

imm32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 17KB - Virtual size: 20KB

.pdata Size: 205KB - Virtual size: 204KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 17KB - Virtual size: 20KB

.pdata
Size: 205KB - Virtual size: 204KB

.reloc
Size: 32KB - Virtual size: 31KB