GWX_control_panel[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GWX_control_panel.exe
Size

4.4MB
MD5

c6ea8429c22c53bc7a738ffec4831429
SHA1

ff89e1f50bdf778293e9cbbc91bf76aa5fa85143
SHA256

bf0b2c1f38f2dde284c20ca0c4027495f52e52b35b846a1f655c6670816552c8
SHA512

4ab5a451922c875fcb0e0f09df5a3fc8075f7727e9d1d550eecaf34b8230126816c271f0300ba1c9fa7a17d462c600d42316bb1522b1592eb89f4f8a8acf5855
SSDEEP

98304:z8uWTz6+AlHKQhOkrdZ5O9pO+1t1c1X3gCKFLOAkGkzdnEVomFHKnPw:uzQ49pO+1t1c1gCKFLOyomFHKnPw

Score

1^/10

Malware Config

Signatures

Files

GWX_control_panel.exe
.exe windows x86

a6702727081adc8edeb36eb1cb09d8c9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:f2:9c:8a:4d:d8:05:f9:18:1f:6b:38:59:fc:af:83
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-01-2016 00:00

Not After

06-01-2017 23:59

Subject

CN=Josh Mayfield,O=Josh Mayfield,POSTALCODE=97229,STREET=16958 NW Cove Ct,L=Portland,ST=OR,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:1f:4b:cc:a8:43:7f:0e:5d:3b:5b:45:87:c2:fe:fb:de:88:a6:82
Signer

Actual PE Digest

b5:1f:4b:cc:a8:43:7f:0e:5d:3b:5b:45:87:c2:fe:fb:de:88:a6:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesW
GetModuleFileNameA
FlushInstructionCache
EnumResourceNamesW
EnumResourceLanguagesW
lstrcpynA
LocalSize
SetEnvironmentVariableA
WriteConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
OutputDebugStringW
GetTimeZoneInformation
GetConsoleCP
GetStringTypeW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineW
GetUserDefaultLCID
FindResourceExW
VirtualProtect
GetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetProfileIntW
GetTickCount
SearchPathW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
lstrcmpiW
GetFileSize
GetFileAttributesW
FileTimeToSystemTime
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
CompareStringA
GetVersionExW
GetCurrentThread
GetCurrentProcessId
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
CopyFileW
FormatMessageW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
OutputDebugStringA
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionEx
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentDirectoryW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
OpenProcess
GetExitCodeProcess
WaitForSingleObject
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
GetEnvironmentVariableW
Sleep
LocalFree
GlobalFree
LocalAlloc
WriteFile
GetModuleFileNameW
GetTempPathW
GetCurrentProcess
CloseHandle
FindNextFileW
DeleteFileW
RemoveDirectoryW
GetTempFileNameW
ReadFile
GetFileSizeEx
CreateFileW
SetFileAttributesW
FindClose
FindFirstFileW
InitializeCriticalSection
GetLastError
VerifyVersionInfoW
VerSetConditionMask
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
DeleteCriticalSection
CreateEventW

user32

ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
FillRect
InvalidateRect
DrawStateW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
InflateRect
GetMenuItemInfoW
DestroyMenu
GetActiveWindow
TranslateMessage
GetMessageW
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
UpdateWindow
GetMenuItemCount
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
SendDlgItemMessageA
PostQuitMessage
DrawEdge
UnpackDDElParam
GetWindowInfo
ReuseDDElParam
FrameRect
IsChild
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
DispatchMessageW
IsDialogMessageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
UnhookWindowsHookEx
UnregisterClassW
ShowWindow
DrawIcon
GetClientRect
IsIconic
AppendMenuW
GetSystemMenu
PeekMessageW
RegisterClassExW
GetClassInfoExW
GetWindowThreadProcessId
AllowSetForegroundWindow
DrawFrameControl
SetWindowRgn
GetSysColorBrush
DrawFocusRect
OffsetRect
IsRectEmpty
DrawIconEx
WindowFromPoint
ShowOwnedPopups
SetCursor
GetKeyNameTextW
MapVirtualKeyW
CopyImage
LoadCursorW
RealChildWindowFromPoint
IntersectRect
SetLayeredWindowAttributes
SetRectEmpty
EnumDisplayMonitors
EnumWindows
GetWindowTextW
TrackMouseEvent
IsZoomed
CharUpperW
GetAsyncKeyState
SetCapture
ReleaseCapture
DeleteMenu
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
PostThreadMessageW
GetNextDlgGroupItem
GetWindowRect
PtInRect
GetSystemMetrics
ExitWindowsEx
RegisterWindowMessageW
SendMessageW
LoadImageW
DestroyIcon
LoadIconW
SetTimer
KillTimer
IsWindow
LoadMenuW
GetSubMenu
SetMenuDefaultItem
PostMessageW
GetCursorPos
LookupIconIdFromDirectoryEx
CreateIconIndirect
CreateIconFromResourceEx
SendMessageTimeoutW
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
InsertMenuItemW
GetClassNameW
FindWindowW
SystemParametersInfoW
SetParent
RedrawWindow
SetActiveWindow
EnableWindow
HideCaret
InvertRect
SubtractRect
MapDialogRect
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
TranslateAcceleratorW
CharUpperBuffW
RegisterClipboardFormatW
CopyAcceleratorTableW
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
IsClipboardFormatAvailable
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
SetRect
SetCursorPos
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
WaitMessage

gdi32

MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
StretchDIBits
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
SetBrushOrgEx
GetStockObject
CreateSolidBrush
CreateBitmap
ExtTextOutW
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
DeleteObject
GetRgnBox
DeleteDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegCreateKeyExW
AllocateAndInitializeSid
CreateWellKnownSid
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
GetUserNameW
RegDeleteValueW
CheckTokenMembership
SetNamedSecurityInfoW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatusEx
ControlServiceExW
StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
FreeSid
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CryptAcquireContextW

shell32

Shell_NotifyIconW
SHAppBarMessage
ShellExecuteExW
ShellExecuteW
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetFileInfoW
SHGetDesktopFolder

comctl32

ImageList_Add
ImageList_Destroy
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawIndirect
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
InitCommonControlsEx
FlatSB_GetScrollProp

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsRootW
PathIsDirectoryW
PathRemoveBackslashW
PathAppendW
PathStripPathW
PathStripToRootW
PathFileExistsW
StrFormatKBSizeW
PathIsUNCW

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
GetWindowTheme

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateInstance
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
OleLockRunning
CoInitialize

oleaut32

OleLoadPicturePath
VarBstrFromDate
VariantCopy
SysStringLen
LoadTypeLi
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipBitmapLockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCreateBitmapFromHBITMAP

dbghelp

ImageDirectoryEntryToData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetOpenW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6702727081adc8edeb36eb1cb09d8c9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

04:f2:9c:8a:4d:d8:05:f9:18:1f:6b:38:59:fc:af:83Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

b5:1f:4b:cc:a8:43:7f:0e:5d:3b:5b:45:87:c2:fe:fb:de:88:a6:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

dbghelp

version

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 503KB - Virtual size: 503KB

.data Size: 36KB - Virtual size: 72KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 147KB - Virtual size: 146KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

04:f2:9c:8a:4d:d8:05:f9:18:1f:6b:38:59:fc:af:83
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

b5:1f:4b:cc:a8:43:7f:0e:5d:3b:5b:45:87:c2:fe:fb:de:88:a6:82
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 503KB - Virtual size: 503KB

.data
Size: 36KB - Virtual size: 72KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 147KB - Virtual size: 146KB