c78a1516f031144d785823ab4247efb3

Sharing

Copy URL Twitter E-mail

General

Target

c78a1516f031144d785823ab4247efb3
Size

1.5MB
MD5

c78a1516f031144d785823ab4247efb3
SHA1

f4112a1f081392a47b22369371ea7e9324380935
SHA256

798cf31872557e663769d09821484f95b3ab567fad41a1b15f7e5876f46f3595
SHA512

2304e370f3402bb3fecaab71ab47397c9d3dd8deed43a27186c1285c033f2199ceb38cfda37ba050f8ae12b9003ad9f0106b9980766e232f294e21dee048ecc0
SSDEEP

24576:ZnbDVU7wG/6N2mr6OxfTri4khE6SBihjKzD79KnWv2TOT+Xf2E1aD1Q6PO3VmzWH:VnVgwfQmJxfTahE6nhcD7ug2T6WfZ18W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c78a1516f031144d785823ab4247efb3

Files

c78a1516f031144d785823ab4247efb3
.exe windows:5 windows x86 arch:x86

f107c75605fe952bc2c80a9e257ab24e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\p4builds\Products\GoToMyPC\main\_output\win32_x86\Release\gosetup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
DeleteFileW
CloseHandle
WriteFile
CreateFileW
LockResource
LoadResource
SizeofResource
GetLastError
FindResourceW
lstrlenW
MoveFileExW
RemoveDirectoryW
WaitForSingleObject
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
Sleep
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
SetFilePointer
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
FormatMessageW
FreeLibrary
RaiseException
TlsGetValue
TlsSetValue
TlsAlloc
GetProcAddress
IsBadReadPtr
GetCurrentProcess
LoadLibraryW
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryExW
OutputDebugStringW
SetEvent
OpenEventW
CreateEventA
GetCurrentThreadId
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
TlsFree
SystemTimeToFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetCurrentThread
FindClose
FlushFileBuffers
FindFirstFileW
InterlockedIncrement
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetTickCount
QueryPerformanceCounter
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
InterlockedExchange
LoadLibraryA
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
RtlUnwind
GetStdHandle
GetModuleFileNameA
SetLastError
InterlockedDecrement
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCPInfo

ole32

CoGetCurrentProcess

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

shlwapi

PathRemoveExtensionW
PathStripPathW

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f107c75605fe952bc2c80a9e257ab24e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

ole32

psapi

shlwapi

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 9.2MB - Virtual size: 9.2MB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 9.2MB - Virtual size: 9.2MB