gsvc[.]exe_ | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gsvc.exe_
Size

428KB
MD5

593ece2df3b37238fe68c36d0b9ba074
SHA1

8145d9dbefcbf8ff5ceee91db140fb1705c122f2
SHA256

b8f5012bbc6e16628d3c62486b72ef5e54649ff093d4fa1b73df1961cd820746
SHA512

6a00066b5d9d87ce760d104bd1a17c0a72cb0c09f1e3e7e1f383de5e709474d3168cc6a1d65f7dc3c356c7cccac6442318f476ade5e0872ff81969599fd05de1
SSDEEP

6144:e4p9Ar0ZAum94z4+Q/ZX42iy9RKCnD5cRTv:e4IuEx+GeS9nd+j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gsvc.exe_

Files

gsvc.exe_
.exe windows:6 windows x64 arch:x64

61068420aa629913ba8931dfcf0b07c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vagrant\Documents\test\target\debug\deps\gsvc.pdb

Imports

ntdll

NtAllocateVirtualMemory
RtlLookupFunctionEntry
NtWriteFile
RtlNtStatusToDosError
RtlVirtualUnwind
RtlCaptureContext
NtTestAlert
NtQueueApcThread
NtProtectVirtualMemory
NtWriteVirtualMemory

advapi32

SystemFunction036

kernel32

UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
SetUnhandledExceptionFilter
LoadLibraryA
WaitForSingleObjectEx
GetSystemTimeAsFileTime
GetCurrentThread
CreateMutexA
GetWindowsDirectoryW
CloseHandle
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObject
QueryPerformanceCounter
AcquireSRWLockExclusive
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcess
SetFileInformationByHandle
DuplicateHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
TryAcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
GetProcAddress
CreateFileW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
IsProcessorFeaturePresent
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__current_exception
__current_exception_context
memmove
memset
memcmp
__C_specific_handler
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_configure_narrow_argv
_register_onexit_function
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61068420aa629913ba8931dfcf0b07c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

advapi32

kernel32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 512B - Virtual size: 888B

.pdata Size: 11KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 512B - Virtual size: 888B

.pdata
Size: 11KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 1KB