af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e.zip
Size

6.4MB
MD5

e5fe6547379074f99de0ed9c379c12f1
SHA1

411ac5e4c75cbe668931526ff3c56dcec2f91967
SHA256

a3995c2893496fea18ece5e6c7263d9e56479f80ee7711c87bce861d79faa40f
SHA512

41eb0656c59c752732cfff9337a19e265f3f291dba2c44381db1eb2e86d256e2179bca9b9a895407363798dee59b58a5cf321fc696c4618b9c02083e09f81be0
SSDEEP

196608:m9cI+XVYelpt254506LQqGmpXwfnVm/T+mP83T:abA4450ogmkmqmIT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e

Files

af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e.zip
.zip

Password: infected
af085d32fcd03132b71cad68b7c3f25235d8b8740e46a85f63623e000c28221e
.dll regsvr32 windows:5 windows x86 arch:x86

59dfb51e8ff8a618e14f9e6e82affff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\p4builds\Products\GoToMeeting\v5.1_builds\output\G2M.pdb

Imports

rpcrt4

NdrDllGetClassObject
RpcStringFreeW
UuidToStringW
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer_Release
UuidCreate

netapi32

Netbios

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
GetModuleInformation

shlwapi

PathRemoveExtensionW
PathStripPathW
StrFormatByteSizeW
StrChrW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msacm32

acmStreamOpen
acmStreamConvert
acmStreamUnprepareHeader
acmStreamPrepareHeader

powrprof

CallNtPowerInformation

wininet

InternetReadFileExA
HttpOpenRequestW
InternetSetStatusCallbackW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
HttpSendRequestExW
InternetQueryOptionW
InternetCloseHandle
InternetConnectW
InternetErrorDlg
HttpEndRequestW

kernel32

CopyFileW
GetFileAttributesW
GetDiskFreeSpaceExW
GetTempFileNameW
FindFirstFileW
MoveFileW
GetSystemWindowsDirectoryW
GetLocaleInfoW
GetSystemInfo
GlobalMemoryStatusEx
lstrlenA
LocalAlloc
lstrcmpiW
ReleaseMutex
CreateMutexW
ResumeThread
GetThreadContext
SuspendThread
InterlockedIncrement
SetThreadPriority
GetThreadPriority
TerminateThread
CreateProcessW
TerminateProcess
GetExitCodeProcess
GetShortPathNameW
CompareFileTime
CreateDirectoryW
RemoveDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetProcessTimes
GetTickCount
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
OpenEventW
CreateEventW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
FindNextFileW
DeleteFileW
GetUserDefaultLCID
GetUserDefaultUILanguage
EnumResourceLanguagesW
OpenThread
GetThreadTimes
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
SizeofResource
LoadResource
FindResourceW
OpenMutexW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathA
CreateDirectoryA
SetLastError
SetWaitableTimer
CreateWaitableTimerW
WritePrivateProfileStringW
GetPrivateProfileStringW
VirtualFree
VirtualAlloc
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
FlushInstructionCache
lstrcmpW
MulDiv
LockResource
GetVersionExA
ExpandEnvironmentStringsW
GetFileTime
ExitProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetThreadExecutionState
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
FindClose
OpenProcess
GetCurrentThread
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
TlsFree
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetCurrentThreadId
GetTempPathW
CreateFileW
GetCurrentProcessId
GetFileSize
CreateFileMappingW
MapViewOfFile
SetEvent
WaitForSingleObject
UnmapViewOfFile
CloseHandle
GetSystemTimeAsFileTime
CreateEventA
LoadLibraryExW
OutputDebugStringW
LocalFree
GetLastError
SetUnhandledExceptionFilter
GetVersionExW
LoadLibraryW
Sleep
GetCurrentProcess
GetModuleFileNameW
FormatMessageW
IsBadReadPtr
GetModuleHandleW
GetProcAddress
TlsAlloc
TlsSetValue
TlsGetValue
RaiseException
FreeLibrary
FileTimeToLocalFileTime
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
CompareStringW
GetDateFormatA
GetTimeFormatA
HeapReAlloc
GetFullPathNameA
PeekNamedPipe
GetCurrentDirectoryA
FoldStringW
GetConsoleMode
GetConsoleCP
HeapSize
GetModuleHandleA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
CreateThread
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetProcessHeap
CompareStringA
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetCommandLineW
ReleaseSemaphore
CreateSemaphoreW
GetVolumeInformationW
DuplicateHandle
GetVersion
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
GetPrivateProfileSectionNamesW
FindFirstFileA
GlobalMemoryStatus
LoadLibraryA
GetSystemDefaultLCID
GetPrivateProfileSectionW
CancelWaitableTimer
DeleteFileA
GetFileAttributesExA
SetThreadAffinityMask
GetProcessAffinityMask
CreateWaitableTimerA
OutputDebugStringA
AllocConsole
FreeConsole
FormatMessageA
CreateSemaphoreA
SetPriorityClass
CreateMutexA
GetFileInformationByHandle
FlushConsoleInputBuffer

gdi32

CreateDCW
GetRegionData
ExtTextOutW
OffsetRgn
GetRgnBox
EqualRgn
CreateBitmap
SetROP2
FillRgn
CreateRectRgnIndirect
DPtoLP
Ellipse
RestoreDC
Polyline
SaveDC
CreatePen
SetPolyFillMode
GetSystemPaletteEntries
CreatePalette
GetPaletteEntries
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
GetDCOrgEx
Polygon
FrameRgn
PaintRgn
CreatePolygonRgn
CreateRoundRectRgn
SetStretchBltMode
StretchBlt
GetDIBits
CreateDIBitmap
SetDIBits
SelectClipRgn
ExcludeClipRect
SetMapMode
SetWindowExtEx
SetViewportExtEx
SetWindowOrgEx
SetViewportOrgEx
LineTo
MoveToEx
GetClipBox
SetPixelV
GetTextMetricsW
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
SetRectRgn
CombineRgn
GetBitmapBits
SetTextColor
TextOutW
GetBkMode
GetTextColor
CreateFontW
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateSolidBrush
GetPixel
SetBkMode
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreatePatternBrush
DeleteDC
DeleteObject
SetPixel

comdlg32

GetOpenFileNameW
CommDlgExtendedError
ChooseColorW
GetSaveFileNameW

ole32

CoGetCallContext
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoGetObject
CoDisconnectObject
CoGetCurrentProcess
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
StringFromGUID2
CoCreateInstance
CoCreateGuid
CLSIDFromProgID
OleLockRunning
CoGetClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
CoSetProxyBlanket
OleUninitialize
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
OleInitialize
CoRegisterPSClsid
StringFromCLSID

oleaut32

SystemTimeToVariantTime
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
OleCreateFontIndirect
LoadRegTypeLi
OleLoadPicture
LPSAFEARRAY_UserFree
SysStringByteLen
SysAllocStringLen
BSTR_UserUnmarshal
DispCallFunc
BSTR_UserFree
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
VariantCopy
BSTR_UserSize
OleCreatePropertyFrame
VariantInit
VarBstrCat
VarBstrCmp
OleLoadPicturePath
BSTR_UserMarshal
VariantClear
VariantChangeType

secur32

GetUserNameExW
InitSecurityInterfaceA

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

mixerGetDevCapsA
mixerGetLineControlsA
mixerGetLineInfoA
waveInGetDevCapsA
waveOutGetDevCapsA
mixerGetControlDetailsA
timeSetEvent
timeGetTime
timeKillEvent
mmioOpenA
timeEndPeriod
timeBeginPeriod
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInGetErrorTextW
waveInGetPosition
mmioOpenW
mmioDescend
mmioAscend
waveOutUnprepareHeader
waveOutReset
waveOutPrepareHeader
mmioRead
waveOutPause
waveOutWrite
mmioClose
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
mixerGetLineInfoW
mixerGetDevCapsW
waveInOpen
waveOutOpen
waveOutGetPosition
waveOutClose
mixerGetID
waveInGetID
waveOutGetID
mixerGetLineControlsW
mixerGetControlDetailsW
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW
waveOutGetDevCapsW
mixerClose
waveOutGetVolume
waveOutSetVolume
waveInClose

avifil32

AVIStreamWrite
AVIFileInit
AVIFileExit
AVIFileRelease
AVIFileCreateStreamA
AVIStreamRead
AVIStreamTimeToSample
AVIStreamSampleToTime
AVIStreamFindSample
AVIStreamLength
AVIStreamReadFormat
AVIStreamRelease
AVIStreamSetFormat
AVIFileOpenA
AVIFileGetStream
AVIFileInfoA

msvfw32

ICOpen
ICDecompress
ICSendMessage
ICClose

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

d3d9

Direct3DCreate9

wsock32

recvfrom
htonl
getsockname
gethostname
getsockopt
inet_ntoa
select
WSACleanup
closesocket
shutdown
WSAGetLastError
recv
WSASetLastError
send
inet_addr
ntohs
sendto
htons
ioctlsocket
WSAStartup
gethostbyname
ntohl
socket
setsockopt
accept
listen
bind
connect
getpeername
__WSAFDIsSet

ws2_32

WSAWaitForMultipleEvents
WSAResetEvent
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetEvent
WSAEventSelect
getnameinfo
WSAIoctl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g2mchat_winmain
g2mcomm_winmain
g2mfeedback_winmain
g2mhost_winmain
g2minstaller_winmain
g2minsthigh_winmain
g2mlauncher_winmain
g2mmatchmaking_winmain
g2mmaterials_winmain
g2mpolling_winmain
g2mqanda_winmain
g2mrecorder_winmain
g2msessioncontrol_winmain
g2mstart_winmain
g2mtesting_winmain
g2mtranscoder_winmain
g2mui_winmain
g2muninstall_winmain
g2mvideoconference_winmain
g2mview_winmain

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 187KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 805KB - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

59dfb51e8ff8a618e14f9e6e82affff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

netapi32

psapi

shlwapi

version

msacm32

powrprof

wininet

kernel32

gdi32

comdlg32

ole32

oleaut32

secur32

wtsapi32

comctl32

userenv

winmm

avifil32

msvfw32

avicap32

d3d9

wsock32

ws2_32

Exports

Exports

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.orpc Size: 2KB - Virtual size: 4KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 187KB - Virtual size: 684KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 805KB - Virtual size: 804KB

.text
Size: 11.9MB - Virtual size: 11.9MB

.orpc
Size: 2KB - Virtual size: 4KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 187KB - Virtual size: 684KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 805KB - Virtual size: 804KB