Loader_GH[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Loader_GH.exe
Size

1.9MB
MD5

6fecf72d4e00be8f03d99249654d4cb5
SHA1

94d88e57c3b4906141a8573a9ff7ced3abd3400e
SHA256

e576bab4dbd66e4c800ca53945f89ba8d147e97dfc86407bc1a0a4d924f5fd6a
SHA512

560f9ff1b50aa9fc581ed8ad258bd2240c4827f6c35a8da000f7d8b68983cac2d1e66921d2765f94afbc14e95d16741a76bc3e48b7882fd1adee1946f50f087e
SSDEEP

24576:UsEX4m2KxYSsZgia/5mohVgz6K3dMPvDPDFIBQCEwN1dtdNEgk03dEuLqe3N/gx9:etmZNMzPxyoGLL3K9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader_GH.exe

Files

Loader_GH.exe
.exe windows:6 windows x86 arch:x86

a6af1cfac6be5e230c3b1c3479085bb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glGetString
glGetIntegerv
glClear
glClearColor
wglGetCurrentDC
wglGetProcAddress
glPixelStorei
glDisable
glDrawElements
glViewport
glTexImage2D
glDeleteTextures
glTexParameteri
glBlendFunc
glScissor
glEnable
glGenTextures
glBindTexture
glPolygonMode
glIsEnabled

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
Process32First
GetCurrentProcess
OutputDebugStringA
WaitForDebugEvent
TerminateProcess
ContinueDebugEvent
GetModuleHandleA
OpenProcess
GetCommandLineA
CreateToolhelp32Snapshot
Sleep
GetLastError
GetCurrentThread
LoadLibraryA
GetVersionExA
Process32Next
CloseHandle
CreateThread
GetThreadContext
GetProcAddress
GetStartupInfoA
CreateProcessA
DeviceIoControl
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
WriteProcessMemory
WaitForSingleObject
VirtualAllocEx
CreateRemoteThread
GetModuleFileNameA
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
VerSetConditionMask
FormatMessageW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent

user32

ToUnicode
UnregisterDeviceNotification
ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
LoadImageW
DestroyIcon
LoadCursorW
SetWindowLongW
GetWindowLongW
PtInRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ReleaseDC
OpenClipboard
SetForegroundWindow
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
MessageBoxA
CloseClipboard
GetDC
EnumDisplayDevicesA
SetClipboardData
GetClipboardData
EmptyClipboard

gdi32

DeleteObject
CreateRectRgn
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
CreateDCW
DeleteDC
GetDeviceCaps
SetDeviceGammaRamp

shell32

DragFinish
DragQueryPoint
DragQueryFileW
DragAcceptFiles

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ws2_32

WSACleanup
connect
closesocket
shutdown
getaddrinfo
WSAStartup
send
socket
WSAGetLastError
recv
freeaddrinfo

vcruntime140

memchr
_except_handler4_common
__CxxFrameHandler3
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
memset
memcpy
memmove
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fgetpos
setvbuf
__stdio_common_vsprintf_s
fputc
__p__commode
_set_fmode
ungetc
fsetpos
fclose
fread
_fseeki64
ftell
__acrt_iob_func
__stdio_common_vfprintf
fgetc
fflush
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
fwrite
fseek
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
_set_new_mode
calloc
malloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_controlfp_s
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_c_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_exit
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

strspn
strcspn
strncpy
strncmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol
strtoul

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
__setusermatherr
_libm_sse2_cos_precise
_libm_sse2_sin_precise
floor
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
ceil
ldexp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 438KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6af1cfac6be5e230c3b1c3479085bb0

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

shell32

msvcp140

imm32

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 438KB - Virtual size: 458KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 438KB - Virtual size: 458KB

.rsrc
Size: 512B - Virtual size: 480B