c16229650c0db4274e369fcf17dc34ae

Sharing

Copy URL Twitter E-mail

General

Target

c16229650c0db4274e369fcf17dc34ae
Size

89KB
MD5

c16229650c0db4274e369fcf17dc34ae
SHA1

177bae8e83be7a3f36a62c2b4b2f0ddeb40ab312
SHA256

ab3b43b2c333cacf4a039ead43544a2ed61364eff3380eef70a4c1b343773b09
SHA512

1681289e8f47c47ae303025f8a77e6438a768436844365dc4c449ed282a839691543f8ea9635acca634069ba2b89a10340b6fd7a13a9d45ac1696f59b0c8ce9a
SSDEEP

1536:v7TE/lLRbZvnHDYER7uAcvDIgvMqzmGDv8LveOh72bmldavu7i+v87xvimyiGW:TSLRbZPfduLUqbzg2alLJE7xvimyi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/killer_Gdwli32.exe

Files

c16229650c0db4274e369fcf17dc34ae
.rar
killer_Gdwli32.exe
.exe windows:4 windows x86 arch:x86

c3e26eba38a15f78fcbccb588316df06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetSystemDirectoryA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcpyA
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
CompareStringA
InterlockedIncrement
ReadFile
CreateFileA
GetTempPathA
FreeResource
WriteFile
SizeofResource
LockResource
WritePrivateProfileStringA
GetTempFileNameA
Process32Next
GetFileAttributesExA
Process32First
LoadResource
FindResourceA
GetProcAddress
LoadLibraryW
GetLastError
LocalFree
LocalAlloc
CreateFileW
MultiByteToWideChar
SetFilePointer
ReadProcessMemory
FlushFileBuffers
SetStdHandle
FindFirstFileA
DeleteFileA
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
UnhandledExceptionFilter
TerminateProcess
SetLastError
TlsAlloc
RaiseException
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
ExitThread
GetTickCount
FindNextFileA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Module32First
Module32Next
LoadLibraryA
CloseHandle
MoveFileExA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
InterlockedDecrement
GetStringTypeW
GetCurrentThreadId

user32

DefWindowProcA
DialogBoxParamA
EnableWindow
EndDialog
GetDlgItem
IsWindowEnabled
GetActiveWindow
GetWindowRect
FindWindowA
GetWindowThreadProcessId
CallWindowProcA
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
CreateWindowExA
ReleaseDC
GetClassNameA
CreateCursor
GetWindowTextLengthA
GetWindowTextA
GetDC
OffsetRect
CharNextA
LoadStringA
BeginPaint
EndPaint
GetWindowLongA
GetParent
GetWindow
DrawTextA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
DestroyWindow
InvalidateRect
PtInRect
SetCursor
UpdateWindow
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
SetWindowLongA
IsWindow
DestroyCursor
SetRectEmpty
MessageBoxA
ShowWindow
SetWindowTextA
GetSystemMetrics
LoadImageA
SendMessageA

gdi32

SetTextColor
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
DeleteObject
SetBkMode

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize

comctl32

_TrackMouseEvent
InitCommonControlsEx

wsock32

gethostbyaddr
WSAStartup
ioctlsocket
WSACleanup

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3e26eba38a15f78fcbccb588316df06

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

wsock32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 148KB - Virtual size: 147KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 148KB - Virtual size: 147KB