Launcher[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Launcher.zip
Size

4.4MB
MD5

d277c408d82cc4d64ce37ff7b2bf242d
SHA1

1207780ccd0cab956a9c5fafcc0f3ec5d2d84d3d
SHA256

a77520d46493b01622329e899cab09bcb7a497c3f736fc524350d28c13d7eadc
SHA512

358c6f844c855a5ed6d10e69e20413a4b14a6e91160e62f20ab03ff2f00f3bff0eb2b22c74a3bf2ebd53e9829346496b35a5a154a936ad544e5724f9d652bf7f
SSDEEP

98304:k0796K+3BoD9h9Z1lvBADcX51FaePZJA5bIPb66IjOfVTF0Q2OCxfbHRnH:k0U3BoP1lvBccXBBC5bIz63ONTFBMNRH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Grand.exe
unpack001/discord-rpc.dll

Files

Launcher.zip
.zip
Grand.exe
.exe windows x64

b420f74882cfa7ba5bcdd57b3759377c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

urlmon

URLDownloadToFileW

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
GetProcAddress
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
IsDebuggerPresent
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
MoveFileExW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
OutputDebugStringW
ReadConsoleW
WaitForSingleObject
GetFileSizeEx
HeapReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
WriteFile
ExitProcess
GetCommandLineW
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
ReadFile
WriteProcessMemory
Process32First
MultiByteToWideChar
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetFileType
CreateFileW
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue

user32

UpdateWindow
PostQuitMessage
UnregisterClassA
PeekMessageA
GetDesktopWindow
RegisterClassExA
SystemParametersInfoA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DispatchMessageA
GetWindowRect
DestroyWindow
GetDC
ShowWindow
MessageBoxA
DefWindowProcA
CreateWindowExA
TranslateMessage

gdi32

SetTextColor
PatBlt
TextOutA
SelectObject
GetDeviceCaps
CreateFontA

shell32

ShellExecuteA

discord-rpc

Discord_UpdatePresence
Discord_Initialize

d3d9

Direct3DCreate9

xinput1_4

ord4
ord2

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.0Dev
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
discord-rpc.dll
.dll windows x64

547849034e068fd01d4cacec67fdac22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

kernel32

CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
PeekNamedPipe
WaitNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Cnd_timedwait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_init_in_situ
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Mtx_destroy_in_situ
_Mtx_current_owns

vcruntime140

memcmp
__C_specific_handler
memcpy
memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
_seh_filter_dll
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__acrt_iob_func
__stdio_common_vfprintf

Exports

Exports

Discord_ClearPresence
Discord_Initialize
Discord_Register
Discord_RegisterSteamGame
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdateHandlers
Discord_UpdatePresence

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b420f74882cfa7ba5bcdd57b3759377c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

urlmon

wininet

kernel32

user32

gdi32

shell32

discord-rpc

d3d9

xinput1_4

imm32

Sections

.text Size: 806KB - Virtual size: 806KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 9KB - Virtual size: 23KB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 3KB

.0Dev Size: 5.8MB - Virtual size: 5.8MB

547849034e068fd01d4cacec67fdac22

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 221KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 108B

.text
Size: 806KB - Virtual size: 806KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 9KB - Virtual size: 23KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 3KB

.0Dev
Size: 5.8MB - Virtual size: 5.8MB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 221KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 108B