902343213d2dc2bd037a3b15916434ec

Sharing

Copy URL Twitter E-mail

General

Target

902343213d2dc2bd037a3b15916434ec
Size

193KB
MD5

902343213d2dc2bd037a3b15916434ec
SHA1

fefb1db46716039f243c3c623df44bcc447895f6
SHA256

beba3e8368dfa20a79f0140da227e31ad3846cc5b0c968bf908d650e0374f4f1
SHA512

bf338cf242822435f51573f5e63b4ee6a69b9b92b825d85956804cc25cb8708d6b3d9c0deb5f4637d41746f132fe3fdd0977c83938901d7397c298cb24e33be0
SSDEEP

6144:Y93X2m+eDSxeV3gUN3BMf+ULpFt6bBQqMzz:YRuxedgU5ifdteuX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/TGB-Dual.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TGB-Dual.exe
unpack001/devices/tbr_dll.dll
unpack001/devices/tgbr_dll.dll
unpack001/devices/tppe_kai.dll

Files

902343213d2dc2bd037a3b15916434ec
.zip
GBCEmu.com.url
.url
Readme.txt
TGB-Dual.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 360KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
devices/tbr_dll.dll
.dll windows:4 windows x86 arch:x86

a764357f42bd6b688c824cfbf7e3309d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetModuleHandleA
GetEnvironmentStringsW
FreeResource
GlobalUnlock
GlobalLock
LoadResource
FindResourceA
HeapDestroy
GetVersionExA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentVariableA
VirtualAlloc
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SendMessageA
DestroyWindow
GetWindowRect
GetSystemMetrics
SetWindowPos
GetDlgItemTextA
CreateDialogIndirectParamA
ShowWindow

Exports

Exports

GetDeviceName
GetInfraredLED
InitDevice
SerialTransfer
UninitDevice

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
devices/tgbr_dll.dll
.dll windows:4 windows x86 arch:x86

11c5fd5d064ba173cf128bdcb3861f0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

get_interface

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
devices/tppe_kai.dll
.dll windows:4 windows x86 arch:x86

48e88879823d36848ff7089163f1cbf5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
RaiseException
ExitProcess
TerminateProcess
RtlUnwind
GetCommandLineA
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapSize
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetLastError
TlsGetValue
HeapDestroy
lstrcpynA
GetModuleHandleA
GlobalDeleteAtom
SetErrorMode
HeapCreate
EnterCriticalSection
LocalReAlloc
GetProcAddress
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
LocalAlloc
InitializeCriticalSection
LocalFree
lstrcmpA
CloseHandle
GlobalAlloc
WideCharToMultiByte
GetCurrentThread
MultiByteToWideChar
InterlockedIncrement
lstrlenA
InterlockedDecrement
GlobalLock
GetModuleFileNameA
GlobalFree
SetLastError
GlobalUnlock
MulDiv
FindResourceA
LoadLibraryA
FreeLibrary
VirtualFree
LoadResource
VirtualAlloc
GetVersionExA
lstrcpyA

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
DestroyMenu
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
LoadStringA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
RedrawWindow
SendMessageA
GetWindowRect
LoadIconA
SetFocus
AdjustWindowRectEx
LoadMenuA
GetSystemMetrics
EnableWindow
PostMessageA
GetMenu
CheckMenuItem
GetDlgItem
RegisterClassA

gdi32

SetDIBitsToDevice
StartPage
StartDocA
EndPage
GetStockObject
CreateDCA
SetTextColor
SetBkColor
GetClipBox
CreateBitmap
DeleteDC
GetObjectA
RestoreDC
SelectObject
SaveDC
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
EndDoc

comdlg32

PrintDlgA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

Exports

Exports

GetDeviceName
GetInfraredLED
InitDevice
SerialTransfer
UninitDevice

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 360KB

UPX1 Size: 88KB - Virtual size: 88KB

.rsrc Size: 6KB - Virtual size: 8KB

a764357f42bd6b688c824cfbf7e3309d

Headers

File Characteristics

Imports

winmm

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 3KB

11c5fd5d064ba173cf128bdcb3861f0e

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 5KB

48e88879823d36848ff7089163f1cbf5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 71KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 11KB

UPX0
Size: - Virtual size: 360KB

UPX1
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 71KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 11KB