grpconv[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

grpconv.exe
Size

39KB
MD5

5a13926732e6d349fd060c072bc7fb74
SHA1

515ea092604e6a3ead70e702573de0c54d769620
SHA256

3b496786568a0a35780b0af76ac486c24fefa867c663dd931a86db6a263e992c
SHA512

99fa12c4555c2d62c733d42991865dd50a5f59f9443979f776c50adc661e67f2f99cb9f680e43a9d248925cb9be944b382d22e164f4bff70397f0f3a46825c36
SSDEEP

768:Ayr0h7j4JEoo2BR/6kbdR6zuFZFBVM4NTqyd213k:Ayr0hX4JEo/R/PdRTTBGyd210

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
grpconv.exe

Files

grpconv.exe
.exe windows x86

132c218b1f2e13f78fee548483028e32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

kernel32

lstrlenW
GlobalUnlock
GlobalFree
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetLastError
SetErrorMode
HeapSetInformation
GetThreadLocale
GetCommandLineW
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LocalFree
lstrcmpiW
GlobalAlloc
GlobalLock
lstrcmpW
LocalAlloc
GetPrivateProfileSectionW

user32

CharNextW
LoadStringW
SetCursor
LoadCursorW

msvcrt

memmove
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_vsnwprintf
__p__commode
_XcptFilter
_purecall
??3@YAXPAX@Z
memcpy_s
_initterm
_amsg_exit
memset

comctl32

ord334
ord17
ord332
ord328

shell32

ord94
SHGetFolderPathEx
ord165
ord42
ord58
ord49
ord51
ord164
ord680
SHChangeNotify
SHAddToRecentDocs

shlwapi

PathIsUNCW
PathFindFileNameW
PathFileExistsW
PathGetArgsW
PathUnquoteSpacesW
PathAppendW
PathGetDriveNumberW
ord456
PathFindExtensionW
ord158
PathRemoveFileSpecW
StrToIntW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableIME

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

132c218b1f2e13f78fee548483028e32

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

comctl32

shell32

shlwapi

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

imm32

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB