gimp_loader_1[.]exe

Resubmissions

16/03/2024, 11:24

240316-nhrfesaa2x 6

16/03/2024, 11:22

240316-ngnm5shh8v 6

Sharing

Copy URL

Twitter E-mail

General

Target

gimp_loader_1.exe
Size

5.0MB
MD5

5a437229607a02a242066127b3464837
SHA1

7660648010cf89c5da5638815dbfeb91f051efe7
SHA256

02bc611be5f584629ded926e837046314cd30a0ed6e2969a16b243c436c3083f
SHA512

94ca15c279f807b0c06c8f1cc1cfa2a35647565a68ff3a8954079a42c13fd9051efcbde8f1e53e272299692ab8aedcd295587fbdce9fd8ff528011436284fbbe
SSDEEP

49152:OvVwASOvGtlqvUIU6iQD+SRLdYfOOQHKkQDdHw12Tp9WHn1tkqZ+Q+pk4BWqY0vo:O7+Q9duVqn1nI+p+0Ra7GWJlEfUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gimp_loader_1.exe

Files

gimp_loader_1.exe
.exe windows:6 windows x64 arch:x64

4ced1e538558e9b522d905c1645f3396

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Dev\Desktop\repos\loader\x64\Release\loader.pdb

Imports

kernel32

TerminateProcess
QueryPerformanceCounter
FreeLibrary
WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
LoadLibraryExW
VerSetConditionMask
QueryPerformanceFrequency
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
IsDebuggerPresent
GetCurrentThread
OpenThread
SetThreadContext
VirtualFreeEx
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
K32GetModuleFileNameExA
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
ReadProcessMemory
VirtualAllocEx
GetThreadContext
LoadLibraryA
GetTickCount64
Sleep
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
WriteProcessMemory
IsWow64Process
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
K32EnumProcessModules
GetStringTypeW
OpenProcess
GetCurrentProcess
GetProcAddress
Process32First
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
LocalFree
GetFileSizeEx
CreateFileW
GetEnvironmentVariableW
RtlVirtualUnwind
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetModuleHandleExW
VirtualFree
GetACP
GetSystemDirectoryA
FormatMessageA
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
RtlUnwind

user32

GetForegroundWindow
ReleaseDC
GetSystemMetrics
GetDC
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetCursorPos
SetCursorPos
IsIconic
ReleaseCapture
GetClientRect
SetWindowLongW
SetCursor
SetCapture
LoadCursorW
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
TrackMouseEvent
IsChild
ClientToScreen
GetMonitorInfoW
GetCapture
ShowWindow
WindowFromPoint
RegisterClassExW
SetWindowTextW
UnregisterClassW
ScreenToClient
CreateWindowExW
EnumDisplayMonitors
MonitorFromWindow
SetWindowPos
DestroyWindow
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
MessageBoxA
UpdateWindow
PostQuitMessage
SetForegroundWindow
TranslateMessage
PeekMessageW
DispatchMessageW

gdi32

BitBlt
DeleteObject
DeleteDC
GetDIBits
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps

advapi32

CryptGetUserKey
ReportEventW
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
RegisterEventSourceW
DeregisterEventSource
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
GetUserNameA
CryptAcquireContextW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

htons
recv
connect
socket
send
inet_addr
WSAStartup
closesocket
WSACleanup
htonl
ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAGetLastError
inet_ntoa
gethostname
getservbyport
getservbyname
WSASetLastError
accept
bind
listen
setsockopt
shutdown
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_ntop
WSAIoctl
inet_pton
__WSAFDIsSet
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
gethostbyaddr

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptStringToBinaryW
CertFreeCertificateChain
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore

iphlpapi

GetAdaptersInfo

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 944KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4ced1e538558e9b522d905c1645f3396

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

d3d11

ws2_32

crypt32

iphlpapi

imm32

d3dcompiler_47

bcrypt

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 944KB - Virtual size: 943KB

.data Size: 315KB - Virtual size: 332KB

.pdata Size: 141KB - Virtual size: 141KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 944KB - Virtual size: 943KB

.data
Size: 315KB - Virtual size: 332KB

.pdata
Size: 141KB - Virtual size: 141KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 39KB - Virtual size: 39KB