gmpublisher[.]exe

Resubmissions

20/02/2024, 07:01

240220-htg38sda6y 6

Sharing

Copy URL Twitter E-mail

General

Target

gmpublisher.exe
Size

14.8MB
MD5

58007159db36d1b6de49160d39f95524
SHA1

69255ca6f54924a6d65ffd0359f689a304086b05
SHA256

0c33bc15c2f66ec1f3bd00f34a1679982f6edc66ca51f7d1b84243f839cb4c7f
SHA512

c0d0555cec68f175c51bbee19443947c8a34da29057bf7e489b75370bf93f114a59474c2e82d0200241870146680edf20d57c0a31b652d780427a70a189aa720
SSDEEP

98304:6HkAD1Ym366BvMlxG45lOW6EsyTdChk7fYQnBljPQJl+Scd7vWlfNztJRCK/zNwN:T8EsygBk+Q46R1X5VT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gmpublisher.exe

Files

gmpublisher.exe
.exe windows:6 windows x64 arch:x64

9c18d344954549f67d2318725c94b582

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
SwitchToThread
RaiseException
TryAcquireSRWLockExclusive
GetSystemInfo
lstrlenW
EncodePointer
QueryPerformanceCounter
WaitForSingleObject
GetModuleHandleW
SetWaitableTimer
CreateWaitableTimerExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GlobalFree
DeleteCriticalSection
GlobalAlloc
RtlCaptureContext
GetCurrentThread
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
WakeAllConditionVariable
WakeConditionVariable
SetFilePointerEx
QueryPerformanceFrequency
FlushFileBuffers
GetProcAddress
CloseHandle
CreateMutexA
InitializeSListHead
FindClose
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
SetFileCompletionNotificationModes
AcquireSRWLockExclusive
LoadLibraryExW
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetConsoleMode
GetStdHandle
GlobalUnlock
GetModuleHandleA
GlobalSize
GlobalLock
CreatePipe
SleepConditionVariableSRW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
Sleep
GetLastError
OutputDebugStringW
TlsSetValue
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FreeLibrary
LoadLibraryExA
HeapReAlloc
HeapAlloc
GetCurrentThreadId
LoadLibraryW
GetUserDefaultLocaleName
GetTempPathW
GetSystemTimeAsFileTime
CreateThread
GetProcessHeap
HeapFree
ReadConsoleW
GetProcessId
GetExitCodeProcess
WideCharToMultiByte
WriteConsoleW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
RtlVirtualUnwind
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetFileAttributesW
CreateProcessW
SetHandleInformation
TerminateProcess
GetWindowsDirectoryW
ReadFileEx
SleepEx
WriteFileEx
AcquireSRWLockShared
ReleaseSRWLockShared
FindNextFileW
CreateFileW
GetFileInformationByHandle
SetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
DuplicateHandle
GetFinalPathNameByHandleW
CopyFileExW
GetSystemDirectoryW
FreeEnvironmentStringsW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetEnvironmentStringsW
TlsFree

user32

OpenClipboard
CloseClipboard
SetWindowDisplayAffinity
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
EnumChildWindows
EmptyClipboard
DispatchMessageA
GetMessageA
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
GetSystemMenu
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
EnumDisplayMonitors
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
MsgWaitForMultipleObjectsEx
IsProcessDPIAware
GetDC
RegisterRawInputDevices
SystemParametersInfoA
AdjustWindowRectEx
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
AppendMenuW
SetMenuItemInfoW
CreateMenu
CreateIcon
UnregisterHotKey
RegisterHotKey
RegisterClassExW
RegisterWindowMessageA
RegisterClipboardFormatW
RedrawWindow
GetClientRect
SetCursorPos
EnableMenuItem
CheckMenuItem
GetWindowLongPtrW
MonitorFromPoint
DestroyAcceleratorTable
DestroyIcon
GetForegroundWindow
MonitorFromWindow
IsWindowVisible
SendInput
SetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
FlashWindowEx
GetActiveWindow
GetMessageW
SendMessageW
InvalidateRgn
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowPos
GetMonitorInfoW
GetCursorPos
IsIconic
SetCursor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ReleaseCapture
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
LoadCursorW
GetWindowPlacement
GetWindowRect
ClientToScreen
GetWindowLongW
GetMenu
DefWindowProcW
SetWindowLongPtrW
PostThreadMessageW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
SetMenu

bcrypt

BCryptGenRandom

shell32

ShellExecuteW
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHAppBarMessage
DragFinish
DragQueryFileW

ole32

OleInitialize
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
RegisterDragDrop
CreateStreamOnHGlobal

advapi32

RegOpenKeyExW
EventWriteTransfer
RegGetValueW
EventUnregister
RegCloseKey
SystemFunction036
EventSetInformation
EventRegister
RegQueryValueExW

ws2_32

WSASend
send
closesocket
accept
WSARecv
freeaddrinfo
WSACleanup
WSASocketW
ioctlsocket
bind
WSAStartup
getpeername
listen
WSAGetLastError
recv
WSADuplicateSocketW
getaddrinfo
getsockname
connect
getsockopt
shutdown
WSAIoctl
setsockopt
select

comctl32

RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass
DefSubclassProc

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

crypt32

CertAddCertificateContextToStore
CertOpenStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateContext
CertDuplicateCertificateChain

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtWriteFile
RtlNtStatusToDosError
NtReadFile
RtlGetNtVersionNumbers

secur32

ApplyControlToken
InitializeSecurityContextW
AcquireCredentialsHandleA
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
FreeContextBuffer
DeleteSecurityContext
QueryContextAttributesW
DecryptMessage

uxtheme

SetWindowTheme

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

steam_api64

SteamAPI_ISteamUGC_SubmitItemUpdate
SteamAPI_ISteamUGC_StartItemUpdate
SteamAPI_ManualDispatch_RunFrame
SteamAPI_Shutdown
SteamAPI_ISteamNetworkingSockets_CloseConnection
SteamAPI_ISteamUGC_GetItemDownloadInfo
SteamAPI_ISteamUGC_DownloadItem
SteamAPI_ISteamFriends_RequestUserInformation
SteamAPI_ISteamUser_GetSteamID
SteamAPI_SteamFriends_v017
SteamAPI_SteamUser_v021
SteamAPI_SteamApps_v008
SteamAPI_ISteamApps_GetAppInstallDir
SteamAPI_ISteamUGC_GetItemState
SteamAPI_ManualDispatch_GetAPICallResult
SteamAPI_ISteamUGC_AddRequiredTag
SteamAPI_ISteamUGC_SetItemTitle
SteamAPI_ManualDispatch_FreeLastCallback
SteamAPI_ISteamUGC_SetReturnChildren
SteamAPI_ISteamUGC_CreateItem
SteamAPI_ISteamUGC_SetItemDescription
SteamAPI_ISteamUGC_SetItemTags
SteamAPI_ISteamUGC_GetQueryUGCPreviewURL
SteamAPI_ISteamUGC_SetItemPreview
SteamAPI_ISteamFriends_GetFriendPersonaName
SteamAPI_SteamUtils_v010
SteamAPI_ISteamFriends_GetMediumFriendAvatar
SteamAPI_ISteamUtils_GetImageSize
SteamAPI_ISteamUtils_GetImageRGBA
SteamAPI_ISteamUGC_SetItemContent
SteamAPI_ISteamUGC_GetItemInstallInfo
SteamAPI_ISteamUGC_DeleteItem
SteamAPI_ISteamUGC_GetQueryUGCResult
SteamAPI_ISteamUGC_SendQueryUGCRequest
SteamAPI_ISteamUGC_GetQueryUGCChildren
SteamAPI_ISteamUGC_GetItemUpdateProgress
SteamAPI_Init
SteamAPI_ManualDispatch_Init
SteamAPI_ISteamUGC_ReleaseQueryUGCRequest
SteamAPI_ISteamUGC_CreateQueryUGCDetailsRequest
SteamAPI_ISteamUGC_SetAllowCachedResponse
SteamAPI_ISteamUGC_GetQueryUGCStatistic
SteamAPI_ISteamUGC_CreateQueryUserUGCRequest
SteamAPI_ManualDispatch_GetNextCallback
SteamAPI_GetHSteamPipe
SteamAPI_SteamUGC_v016
SteamAPI_ISteamNetworkingSockets_CloseListenSocket

api-ms-win-crt-string-l1-1-0

_wcsicmp
strlen
wcslen
wcsncmp
strcpy_s

api-ms-win-crt-math-l1-1-0

round
floor
trunc
ceil
__setusermatherr
expf
pow
truncf
sinf
roundf
floorf
ceilf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
__p___argv
terminate
__p___argc
_register_onexit_function
_initialize_onexit_table
_cexit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_wassert
_c_exit

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9c18d344954549f67d2318725c94b582

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

bcrypt

shell32

ole32

advapi32

ws2_32

comctl32

gdi32

dwmapi

crypt32

ntdll

secur32

uxtheme

oleaut32

steam_api64

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9.7MB - Virtual size: 9.7MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 14KB - Virtual size: 26KB

.pdata Size: 362KB - Virtual size: 362KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 9.7MB - Virtual size: 9.7MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 14KB - Virtual size: 26KB

.pdata
Size: 362KB - Virtual size: 362KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 58KB - Virtual size: 57KB