KBDGrMet[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

KBDGrMet.zip
Size

255KB
MD5

f5a68f33eecba1be2d91e25a7056d2a7
SHA1

01255d7443a8d3be7e5bb34f25a8e344c8ea4a8e
SHA256

78a97da7943b56d2b583d1a8446ce3c17576dc825eb7cb0e6d2edb30cab21dc0
SHA512

dbe52147a34b587537ec822f9a41adfd5e59389fe34a7ffb848dc1064e61a28af0a18614819451356105653db4ee5a90106b23d19abcb5c46d492e5e77a80c75
SSDEEP

6144:9izKjmOmWp9F2j/N/UAyofc2evC8c2oXP4bemCuQAjP:9GKSOmWpilMAyo0zvVc2of4beiP

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kbdgrmet/amd64/KBDGrMet.dll
unpack001/kbdgrmet/i386/KBDGrMet.dll
unpack001/kbdgrmet/setup.exe
unpack001/kbdgrmet/wow64/KBDGrMet.dll

Files

KBDGrMet.zip
.zip
kbdgrmet/KBDGrMet_amd64.msi
.msi
kbdgrmet/KBDGrMet_i386.msi
.msi
kbdgrmet/KBDGrMet_ia64.msi
.msi
kbdgrmet/amd64/KBDGrMet.dll
.dll windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

KbdLayerDescriptor

Sections

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kbdgrmet/i386/KBDGrMet.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

KbdLayerDescriptor

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kbdgrmet/ia64/KBDGrMet.dll
kbdgrmet/setup.exe
.exe windows:6 windows x86 arch:x86

c5db37a68dfdea853b9c4464d70c411a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

advapi32

AllocateAndInitializeSid
FreeSid

kernel32

GetFullPathNameW
CompareStringW
GetProcAddress
GetModuleHandleW
lstrlenW
FreeLibrary
CloseHandle
GetLastError
GetModuleFileNameW
lstrcpyW
lstrcpynW
GetSystemDirectoryW
GetExitCodeProcess
CreateProcessW
CreateMutexW
GlobalFree
GlobalAlloc
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetCurrentProcess
GetEnvironmentVariableW
LocalFree
FormatMessageW
OutputDebugStringW
GetFileAttributesW
LoadResource
FindResourceW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryW
LockResource
UnhandledExceptionFilter

user32

LoadIconW
SetForegroundWindow
ShowWindow
SetFocus
MoveWindow
SetWindowTextW
CreateDialogParamW
MsgWaitForMultipleObjects
CharNextW
LoadStringW
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
DestroyWindow
SetDlgItemTextW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
SendMessageW
GetDlgItem
SetCursor
ExitWindowsEx
LoadCursorW
CharPrevW
MessageBoxW

msvcrt

__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
wcstol
_vsnwprintf

wininet

InternetCanonicalizeUrlW
DeleteUrlCacheEntryW

urlmon

URLDownloadToCacheFileW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kbdgrmet/wow64/KBDGrMet.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

KbdLayerDescriptor

Sections

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 260B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 262B

c5db37a68dfdea853b9c4464d70c411a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

wininet

urlmon

comctl32

version

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 262B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 260B

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 262B

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 262B