GDI[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GDI.zip
Size

15KB
MD5

d84499452148651767431efedab900b2
SHA1

e0148e9156578403decaba2c9346caa1333f0722
SHA256

340949fe95a15d5d02b956d29d2024c1d7fa7775eee0d25754adeba9a667c6d3
SHA512

19de3b15f22db1dba39a336f2cb774f9b8cf3d83ff2610e36bb228c4320ffa95047f5b07d6960a74eac18c8115a83add736915aa08d19d92a9bb45e3f5fc10b0
SSDEEP

384:vl8lS7r0L9E7cbzNpPSmrG3zLE7LJ28Uf0eumHIEnuunDRDz:vl8CCNBSmrwzLE7Lc7f7uOtnuODRDz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GDI/GDI.exe

Files

GDI.zip
.zip

Password: godli
GDI/GDI.application
GDI/GDI.exe
.exe windows:4 windows x86 arch:x86

Password: godli

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\Desktop\GDI\GDI\obj\Release\GDI.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GDI/GDI.exe.config
GDI/GDI.exe.manifest
GDI/GDI.pdb