GMCloud - XAXX - Cibeles[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GMCloud - XAXX - Cibeles.exe
Size

1.9MB
MD5

decd44f598249e76d427dc296ea33fd6
SHA1

b2ca768bf726e593f1e47a9b8c1ac62d7d36619e
SHA256

eb5a00726c51719a0aa3cd12af970aaa2eef9bfa5fce9892d918d6d5e8c14b23
SHA512

778ab3071411ab043666a165b5c897427bebd11c6ca470041b4b158e66b5d2b7abb1ca1c3a934ae294665fced13f709168717a63ed1a678a31ffcff66fbc29c4
SSDEEP

24576:+W8xivGVdYCx25b5xNK7d4b667Vxnhv71CQzwqVePXCfOonaOY78pOSyIHVX:Lps25b5xw7dyh/hv71hzwqVePSJASzVX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GMCloud - XAXX - Cibeles.exe

Files

GMCloud - XAXX - Cibeles.exe
.exe windows x86

2fc48abcfc4886d28d2790323d96cffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
__dllonexit
_onexit
_controlfp
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_mbschr
_mbsicmp
_access
_mbsrchr
isspace
_splitpath
_except_handler3
_makepath

kernel32

GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetSystemDirectoryA
lstrcatA
GetCurrentDirectoryA
LoadLibraryA
lstrcpyA
_lopen
_lclose
_llseek
_lread
GetStartupInfoA

user32

MessageBoxA
LoadStringA
wsprintfA

advapi32

RegQueryValueA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ