GXImageLogger[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

GXImageLogger.zip
Size

4.5MB
MD5

168a2fff89275945e63b59e11c4b9330
SHA1

3fb8d4b260ad2c4e8b7d6f1e7d2e06057b28144f
SHA256

4ea39e898e095eb3106424cd19984472d261a1c45bae82afcbca33accd91b0ad
SHA512

27a3751e573cd523d78b9dd5367f6fe12b87df68a5f9570b4fbba38dc7fbb23a7249f1e4b588f93df0e0d26d89718dbbdb1629d3fe79b9eddd22f3bedcd5df16
SSDEEP

98304:RSD4A1Sd64lNXThq5t54Yi+6iXwsWf4mhHouYQ0XGTVjUcZEXV+3q:YMoS04lFhyUYi+hXwslfVQQmUcp6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GXImageLogger/GXBuilder.exe
unpack001/GXImageLogger/bin/LCompilers/injector/gxmain.dll

Files

GXImageLogger.zip
.zip

Password: gxv3
GXImageLogger/GXBuilder.exe
.exe windows:4 windows x86 arch:x86

Password: gxv3

6f462fcc6b830b77fb3fef2add9dc570

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
_sleep
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GXImageLogger/bin/LCompilers/injector/gxmain.dll
.dll windows:4 windows x64 arch:x64

Password: gxv3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GXImageLogger/bin/LCompilers/version.txt
GXImageLogger/image_input/50lb88.png
.png

Password: gxv3
GXImageLogger/output/50lb88.png
.png

Password: gxv3

Sharing

General

Malware Config

Signatures

Files

Password: gxv3

Password: gxv3

6f462fcc6b830b77fb3fef2add9dc570

Headers

File Characteristics

Imports

msvcrt

shell32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 5.2MB - Virtual size: 5.2MB

.bss Size: - Virtual size: 4B

.rsrc Size: 403KB - Virtual size: 402KB

Password: gxv3

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

Password: gxv3

Password: gxv3

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 5.2MB - Virtual size: 5.2MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 403KB - Virtual size: 402KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB