MGL[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MGL.exe
Size

10.2MB
MD5

009907018127a217d8388b4fb45f580c
SHA1

a626454f6e439b1abb8b67d698b9565743f56374
SHA256

7288934622af10995104ecaa369bd6f479bbe9f6b65f0e19d734f877e3ce3616
SHA512

3ceda7b3ccc975e632d0c6155cd9a4decee3acbd29574e6ea63a23234e2550de0f21cef2d4e9f87a6c9529dc9a740bb0c33866abbf7cdb08228019e653c84ff9
SSDEEP

196608:zym1uHGDLZ90fa+8E8hIlCv1lYELSciSbH2O:zyKuuLZ90C+8EMqCwEeBM

Score

1^/10

Malware Config

Signatures

Files

MGL.exe
.exe windows:6 windows x86

739364e36145535c2b1fef1bcb246bbd

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:db:53:e2:13:ac:1d:cb:28:ff:b2:26
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

29/12/2022, 16:09

Not After

29/12/2024, 16:09

Subject

CN=MY.GAMES B.V.,O=MY.GAMES B.V.,L=Amsterdam,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c0f646f6d61696e406d792e67616d6573

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:6f:8a:54:4d:2d:ce:55:72:49:fb:c6:94:e9:77:03:ff:90:1c:97:c0:81:02:56:44:16:f8:3d:ca:78:ec:59
Signer

Actual PE Digest

2e:6f:8a:54:4d:2d:ce:55:72:49:fb:c6:94:e9:77:03:ff:90:1c:97:c0:81:02:56:44:16:f8:3d:ca:78:ec:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

shlwapi

PathCreateFromUrlW
PathCombineW
UrlCreateFromPathW

wininet

InternetCloseHandle
InternetCrackUrlW
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetOpenA
InternetSetOptionW
HttpQueryInfoW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

authz

AuthzAccessCheck
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid

msimg32

AlphaBlend

shell32

DragFinish
SHGetFolderPathW
SHGetFileInfoW
SHChangeNotify
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
SHCreateStdEnumFmtEtc
SHAppBarMessage
ShellExecuteW
ShellExecuteExW

ws2_32

select
setsockopt
WSAAddressToStringW
WSACleanup
gethostbyname
bind
closesocket
WSAGetLastError
connect
inet_addr
getnameinfo
send
WSCEnumProtocols
htons
htonl
accept
freeaddrinfo
WSAStartup
__WSAFDIsSet
WSCGetProviderPath
getsockname
listen
getaddrinfo
recv
socket
inet_ntoa
ioctlsocket
shutdown

psapi

GetModuleInformation
GetProcessImageFileNameW
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

MoveWindow
CreateWindowExW
PeekMessageW
MonitorFromWindow
MessageBoxA
SetTimer
AllowSetForegroundWindow
WindowFromPoint
BeginPaint
FrameRect
RegisterWindowMessageW
FillRect
DispatchMessageW
EnumWindows
GetClassInfoW
SetActiveWindow
GetActiveWindow
GetKeyboardLayoutList
EnumChildWindows
ReleaseCapture
LoadCursorW
SetCapture
GetCapture
GetCursorInfo
CharLowerBuffW
GetSystemMetrics
PostMessageW
SetWindowLongW
CharUpperBuffW
GetClientRect
ShowCursor
SetClipboardData
GetClipboardData
ClientToScreen
IsIconic
GetMonitorInfoW
ShowWindow
CharUpperW
DefWindowProcW
SetForegroundWindow
GetForegroundWindow
GetAsyncKeyState
MapVirtualKeyExW
EnableWindow
GetShellWindow
DestroyWindow
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetFocus
GetDC
SetFocus
ReleaseDC
EndPaint
TrackMouseEvent
GetParent
MessageBeep
MessageBoxW
SetClassLongW
RegisterHotKey
UpdateWindow
AttachThreadInput
MsgWaitForMultipleObjects
DestroyIcon
IsWindowVisible
EmptyClipboard
FlashWindowEx
PtInRect
UnregisterClassW
SendMessageW
GetLastInputInfo
IsWindow
EnumThreadWindows
InvalidateRect
ScreenToClient
GetWindowInfo
SendMessageTimeoutW
BringWindowToTop
SetCursor
LoadStringW
SetWindowPos
OpenClipboard
TranslateMessage
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
UpdateLayeredWindow
DrawIconEx
GetClassNameW
LoadImageW
GetIconInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
DeferWindowPos
EndDeferWindowPos
UnregisterHotKey
GetKeyState
MonitorFromPoint
SystemParametersInfoW
CreateIconFromResourceEx
GetWindow
GetWindowLongW
GetWindowRect
KillTimer
BeginDeferWindowPos
PostThreadMessageW
IsWindowEnabled
CreateIconIndirect
FindWindowW
GetKeyboardLayout

oleaut32

SafeArrayPutElement
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SysAllocString
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
CloseServiceHandle
RegSetValueExW
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAuditAccessAceEx
AddAce
OpenThreadToken
CloseEventLog
RegQueryInfoKeyW
IsValidSid
CreateWellKnownSid
GetLengthSid
AddAccessAllowedAceEx
OpenEventLogW
GetTokenInformation
ReadEventLogW
RegCreateKeyExW
SetSecurityDescriptorDacl
OpenServiceW
InitializeAcl
RegEnumKeyExW
AdjustTokenPrivileges
QueryServiceConfigW
CopySid
SetSecurityInfo
AddAuditAccessObjectAce
RegDeleteKeyW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
OpenProcessToken
RegDeleteValueW
RegNotifyChangeKeyValue
AddAccessDeniedAceEx
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegFlushKey
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
InitializeSecurityDescriptor
EnumServicesStatusW

kernel32

ReadFileEx
SetFileTime
GetFileTime
Process32FirstW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
GetCurrentProcessId
TerminateThread
SetHandleInformation
GetHandleInformation
GetFullPathNameW
FindNextFileW
WriteProcessMemory
CreateHardLinkW
SetUnhandledExceptionFilter
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FreeLibrary
SetDllDirectoryW
GetUserDefaultLCID
SetLastError
GetModuleFileNameW
GetLastError
GlobalAlloc
GlobalUnlock
OpenMutexW
CreateThread
CompareStringW
GetGeoInfoW
LoadLibraryA
CreateMutexW
ResetEvent
GetVolumeInformationW
RaiseException
FormatMessageW
OpenJobObjectW
GetCurrentThread
GetLogicalDrives
HeapReAlloc
IsBadReadPtr
ExpandEnvironmentStringsW
LoadLibraryExW
MoveFileWithProgressW
FileTimeToSystemTime
VirtualQuery
VirtualQueryEx
Sleep
SetFilePointer
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetStartupInfoW
GetFileAttributesW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetLogicalDriveStringsW
GetModuleHandleA
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
WriteFileEx
GetModuleFileNameA
CompareStringA
WaitForSingleObjectEx
GetCompressedFileSizeW
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
FreeEnvironmentStringsW
GetLocaleInfoW
ConnectNamedPipe
GetLocalTime
WaitForSingleObject
GetSystemPowerStatus
OpenThread
DeleteCriticalSection
HeapLock
SetErrorMode
GetLogicalProcessorInformation
TzSpecificLocalTimeToSystemTime
SleepEx
IsValidLocale
LocalAlloc
WaitForMultipleObjectsEx
GetVolumePathNameW
SetFileAttributesW
QueryDosDeviceW
VirtualProtect
SetEnvironmentVariableW
ReadProcessMemory
QueryPerformanceFrequency
SetThreadContext
VirtualFree
GetThreadContext
FlushInstructionCache
ExitProcess
HeapAlloc
GetLongPathNameW
RtlUnwind
GetCPInfo
GetStdHandle
DisconnectNamedPipe
GetModuleHandleW
SetInformationJobObject
ReadFile
CompareFileTime
CreateProcessW
CreateRemoteThread
GetNativeSystemInfo
FindResourceW
GetUserGeoID
CheckRemoteDebuggerPresent
MapViewOfFile
MulDiv
CreateFileA
GetVersion
GetDriveTypeW
FreeResource
Module32NextW
SetThreadExecutionState
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
OpenProcess
SwitchToThread
GetExitCodeThread
GetEnvironmentVariableA
OutputDebugStringW
GetFileAttributesExW
GlobalMemoryStatusEx
SetNamedPipeHandleState
IsProcessorFeaturePresent
LockResource
TerminateProcess
QueryInformationJobObject
GetCurrentThreadId
MoveFileExW
UnhandledExceptionFilter
PeekNamedPipe
GlobalFree
HeapWalk
EnterCriticalSection
GetDiskFreeSpaceExW
ReleaseMutex
EnumResourceLanguagesW
GlobalDeleteAtom
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GlobalLock
GetCurrentProcess
GetCommandLineW
HeapSetInformation
ResumeThread
GetProcAddress
VirtualAllocEx
BaseFlushAppcompatCache
FindResourceExW
GetVersionExW
VerifyVersionInfoW
GetEnvironmentStringsW
LCMapStringW
DeviceIoControl
FindFirstFileW
UnmapViewOfFile
Process32NextW
lstrlenW
GetVolumeNameForVolumeMountPointW
SetEndOfFile
QueryPerformanceCounter
CreateToolhelp32Snapshot
SystemTimeToFileTime
CreateFileW
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
Module32FirstW
WriteFile
GetFileInformationByHandle
FindFirstFileExW
ExitThread
CreateNamedPipeW
CreateFileMappingW
CreatePipe
TlsGetValue
HeapUnlock
GetDateFormatW
TlsSetValue
GetSystemDefaultUILanguage
GetOverlappedResult
CreateDirectoryW
EnumCalendarInfoW
IsWow64Process
GetProcessId
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathA

dnsapi

DnsQuery_W
DnsRecordListFree

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
OleInitialize
CoSetProxyBlanket
PropVariantClear
OleUninitialize
CoInitializeEx
CoInitialize
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
DoDragDrop

iphlpapi

GetAdaptersAddresses
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
GetBestInterface

gdi32

GetBitmapBits
SetBkMode
GetObjectW
CreateCompatibleBitmap
CreateDIBSection
SetMapMode
GetStockObject
CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
BitBlt
GetDeviceCaps
CreateCompatibleDC

ntdll

NtQueryInformationProcess
NtQueryInformationThread

Exports

Exports

NoGCLayPipe
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

739364e36145535c2b1fef1bcb246bbd

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

25:db:53:e2:13:ac:1d:cb:28:ff:b2:26Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2e:6f:8a:54:4d:2d:ce:55:72:49:fb:c6:94:e9:77:03:ff:90:1c:97:c0:81:02:56:44:16:f8:3d:ca:78:ec:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

shlwapi

wininet

comdlg32

authz

msimg32

shell32

ws2_32

psapi

version

user32

oleaut32

advapi32

kernel32

shfolder

dnsapi

ole32

iphlpapi

gdi32

ntdll

Exports

Exports

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.itext Size: 10KB - Virtual size: 10KB

.data Size: 674KB - Virtual size: 674KB

.bss Size: - Virtual size: 122KB

.idata Size: 13KB - Virtual size: 13KB

.didata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 130B

.tls Size: - Virtual size: 56B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 457KB - Virtual size: 457KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

25:db:53:e2:13:ac:1d:cb:28:ff:b2:26
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2e:6f:8a:54:4d:2d:ce:55:72:49:fb:c6:94:e9:77:03:ff:90:1c:97:c0:81:02:56:44:16:f8:3d:ca:78:ec:59
Signer

.text
Size: 6.6MB - Virtual size: 6.6MB

.itext
Size: 10KB - Virtual size: 10KB

.data
Size: 674KB - Virtual size: 674KB

.bss
Size: - Virtual size: 122KB

.idata
Size: 13KB - Virtual size: 13KB

.didata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 130B

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 457KB - Virtual size: 457KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB