gmcloud - xaxx - Rali[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gmcloud - xaxx - Rali.exe
Size

953KB
MD5

f1587c04109affb631e32530f2788400
SHA1

6e1032d0774f846cf2732bd030c878e8ffdfbda0
SHA256

9fa31d1e0f51f211cf25d89de5dfa9d5e106f77dff9e18b0cb2030530c13903a
SHA512

a3781e66794a82cbf2ffa85f27cbd8a898c895c5d509eb7e0924b011b65d72a881df0c7f4a3bc3e0f42587f6eec45a2dd86ae7e151e4af07675f066f8925c43d
SSDEEP

12288:6fdManssMcA1LR6Luw3ARzNtletq2GUBRU9ftKfqUkcsf1CHsQ:+M7xZguEkzs42JBW9ftvbHf1CJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gmcloud - xaxx - Rali.exe

Files

gmcloud - xaxx - Rali.exe
.exe windows x86

2fc48abcfc4886d28d2790323d96cffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
__dllonexit
_onexit
_controlfp
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_mbschr
_mbsicmp
_access
_mbsrchr
isspace
_splitpath
_except_handler3
_makepath

kernel32

GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetSystemDirectoryA
lstrcatA
GetCurrentDirectoryA
LoadLibraryA
lstrcpyA
_lopen
_lclose
_llseek
_lread
GetStartupInfoA

user32

MessageBoxA
LoadStringA
wsprintfA

advapi32

RegQueryValueA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ