ggwp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ggwp.exe
Size

949KB
MD5

090b8cd33d8b2f83e860abacbd1d1a90
SHA1

1e61374012fd6db1bbc53f2530796cd510ce3283
SHA256

0dd8f0685c554bb25cbc89f73246c4fc3e526ec17ffe84915d826dde4c3c1ecd
SHA512

46b523d3dcf96831799ae63523a2f44b0c3f08a0d7abfd655fbaaf5303c116344ea46b6271ccb15cbdda0519a78801de61bc6aeea061bc6e4bf35c9784cf6d82
SSDEEP

12288:/wITbhKx7WQeu3D9FPJXOmQ+qO39WoCuwTvk83uRCS26qH3OqtwIulkyF3Gd:IITMvRFhRRbNWoCfkYSEH3OqtwIuX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ggwp.exe

Files

ggwp.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\692\Downloads\skidcatcher src\skidcatcher src\AnyWhere\obj\x64\Release\nword.pdb

Sections

.text
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ