c4b9079356d7b80dbefcefff1cb4c5a1

Sharing

Copy URL Twitter E-mail

General

Target

c4b9079356d7b80dbefcefff1cb4c5a1
Size

422KB
MD5

c4b9079356d7b80dbefcefff1cb4c5a1
SHA1

a104ca2ae7854753cdf02aea75860f07f7a9212c
SHA256

694fa4003f05b47bb84a1ab76f4633b5a758cd2b33fc8a9bfcfb703bfe07ec00
SHA512

19b2ad65eb3a61c700e85068524baa3bb39858d0cf861a4cdcc65c8255c2b8be66fb622ac80769e28f017178295241c0af4c81928245bf8e553bf038ed87e45d
SSDEEP

12288:Lttg0mDMJRzXqaEtm7kMG1H+WmqV1vcaanJcY:Ltt46ZqaomUH+aep

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gsm-library.dll
unpack001/gsm-loader.exe

Files

c4b9079356d7b80dbefcefff1cb4c5a1
.zip
gsm-library.dll
.dll windows:5 windows x86 arch:x86

8efef55da2fe6ab6464b13271511afcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation
EnumProcessModules

kernel32

RtlUnwind
GetCurrentProcess
GetModuleHandleA
GetProcAddress
QueryPerformanceFrequency
ReadProcessMemory
QueryPerformanceCounter
VirtualProtect
CreateFileW
HeapSize
WriteConsoleW
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle

user32

MessageBoxA

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 175KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gsm-loader.exe
.exe windows:5 windows x86 arch:x86

e6b0392261c6e7b0fdc9200fe2179e7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

shlwapi

PathFileExistsW

kernel32

HeapSize
WriteConsoleW
GetProcessHeap
SetStdHandle
WriteProcessMemory
GetFullPathNameW
OpenProcess
Sleep
CloseHandle
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
SetEnvironmentVariableA
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
CreateFileW
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8efef55da2fe6ab6464b13271511afcb

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

Sections

.text Size: 255KB - Virtual size: 254KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 175KB - Virtual size: 182KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 19KB - Virtual size: 19KB

e6b0392261c6e7b0fdc9200fe2179e7c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

kernel32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 255KB - Virtual size: 254KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 175KB - Virtual size: 182KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB