CGnetsw[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

CGnetsw.exe
Size

308KB
MD5

d41d55b9e897bd267a86ad24b3a71d5b
SHA1

c61824b64eeff1cd9ce0ffe62fc7ef3423d14f3b
SHA256

92b21be92815374cd72c9e6a7dc12a7e5cccd4fa27e8f5e884a1119b723369b6
SHA512

2e6d9d0057b575c824db35c8148ee1dbb8c4cd5592c16675be44521c59bd5b61e7735c01760d62cc3577bb29c5e7d43f8c2fcb037313fccedec0da11b054843a
SSDEEP

3072:lQQiy9Dyt5fvyieCfUhjrw+Of/h/d+nFJmjUQrVkbD+IFLhRktyhCxFRK1Xj7UQk:6u1FnF+q2ihUy0FgGQ0Ikc+KcuxSV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CGnetsw.exe

Files

CGnetsw.exe
.exe windows:4 windows x86 arch:x86

1ae712d72bcb5a4635bc785416ab4aed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetSecurityInfo
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegGetValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
SetEntriesInAclA
SetSecurityInfo
SystemFunction036

comctl32

InitCommonControlsEx

dnsapi

DnsFree
DnsQuery_UTF8

iphlpapi

CreateIpForwardEntry
DeleteIpForwardEntry2
DeleteIpForwardEntry
FreeMibTable
GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable2
GetIpForwardTable
GetNetworkParams

kernel32

AssignProcessToJobObject
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersionExW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
ReOpenFile
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile
lstrcatW
lstrcpyW
lstrlenA
lstrlenW

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_close
_close
_errno
_exit
_get_osfhandle
_initterm
_iob
_lseeki64
_onexit
_open_osfhandle
_read
_strdup
_umask
_vsnprintf
_wchmod
_wcsdup
_wcsrev
_write
_wrmdir
abort
calloc
exit
fclose
fopen
fprintf
free
fwprintf
fwrite
getenv
malloc
printf
raise
realloc
signal
strncmp
strtok
vfprintf

ntdll

RtlIpv6AddressToStringA
VerSetConditionMask
_snprintf
_snwprintf
_wcsnicmp
atoi
floor
isspace
isxdigit
memcmp
memcpy
memcpy_s
memmove
memset
qsort
sprintf
strchr
strcmp
strcpy
strlen
strstr
tolower
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcstombs

psapi

GetProcessMemoryInfo

setupapi

CM_Get_Device_ID_ExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW

user32

BeginPaint
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextW
EndDialog
EndPaint
ExitWindowsEx
FindWindowW
GetClientRect
GetMessageA
GetMessageW
GetSystemMenu
GetSystemMetrics
InsertMenuW
KillTimer
LoadAcceleratorsW
LoadImageW
MapVirtualKeyW
MessageBoxW
MoveWindow
PostQuitMessage
RegisterClassExW
SendMessageW
SetForegroundWindow
SetTimer
SetWindowTextW
ShowWindow
TranslateAcceleratorW
TranslateMessage
UpdateWindow

userenv

GetUserProfileDirectoryW

wlanapi

WlanEnumInterfaces
WlanFreeMemory
WlanOpenHandle

ws2_32

WSADuplicateSocketW
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
select
setsockopt
shutdown
socket

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ae712d72bcb5a4635bc785416ab4aed

Headers

File Characteristics

Imports

advapi32

comctl32

dnsapi

iphlpapi

kernel32

msvcrt

ntdll

psapi

setupapi

user32

userenv

wlanapi

ws2_32

Sections

.text Size: 220KB - Virtual size: 219KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 22KB - Virtual size: 21KB

.eh_fram Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 2.7MB

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 220KB - Virtual size: 219KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 22KB - Virtual size: 21KB

.eh_fram
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 2.7MB

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 19KB - Virtual size: 19KB