GX_Image_Logger[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

GX_Image_Logger.zip
Size

11.6MB
MD5

0320cabde39fe61ef6e6aa1a30aa9304
SHA1

f8683922467ed12c978216a480646da2736b43d1
SHA256

aa094222e49bcf065d68a71ae3ee75b23d6117b991b48a6dc26e38187fc43e76
SHA512

b6892e282a7687019b4a52c467c6d94c18bfefd84aa296c3b478443e0a6773112cdba0a59e78ea935da16df2a82228f5495dcc5ca47179ace275fac976373141
SSDEEP

196608:7tTzYWug8MzolK6NxKZkvZwLr20G2TNfKCVt5S+n9tA7pLdDtMConoxBkh6IKfCA:7t1RUlKwMkvKN51Vnn9kDKc84CA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/GXImageLogger/GX_Builder.exe
unpack001/GXImageLogger/bin/LCompilers/injector/gxmain.dll

Files

GX_Image_Logger.zip
.zip

Password: 2024
GXImageLogger/GX_Builder.exe
.exe windows:4 windows x86 arch:x86

Password: 2024

6f462fcc6b830b77fb3fef2add9dc570

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
_sleep
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GXImageLogger/bin/LCompilers/injector/gxmain.dll
.dll windows:4 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GXImageLogger/bin/LCompilers/version.txt
GXImageLogger/image_input/50lb88.png
.png

Password: 2024
GXImageLogger/output/50lb88.png
.png

Password: 2024

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

6f462fcc6b830b77fb3fef2add9dc570

Headers

File Characteristics

Imports

msvcrt

shell32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 12.5MB - Virtual size: 12.5MB

.bss Size: - Virtual size: 4B

.rsrc Size: 403KB - Virtual size: 402KB

Password: 2024

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

Password: 2024

Password: 2024

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 12.5MB - Virtual size: 12.5MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 403KB - Virtual size: 402KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB