gu[.]exe | Triage

Sharing

General

Target

gu.exe
Size

501KB
MD5

4838cffb6abbb084c90d6148c8af4150
SHA1

3b468222f1b323c944f14ec5e6d9e88cf99e43b0
SHA256

454aeeebb31b396580032ea5484a998de90f0e8acc5bac19f2cdc66150cfff62
SHA512

cd9770457c90ff8e6c0f69fdcbee987058182ae53ab40b718ab450953abcf631a7e54a35b140f743d8384063b8f5499ddf1fdb79055f14a3e5232f7cc6f3c99c
SSDEEP

12288:qYMo1y/Os3kV5Jwrg1fgve6QXv9dntE7F/:qYMo1y/OsC5C2fgve6QXv9jEh/

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource yara_rule

sample Nirsoft
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

gu.exe

Files

gu.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ