GuavaClient[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GuavaClient.exe
Size

920KB
MD5

7f48d2980f100e73d5837d72a05045aa
SHA1

a8601ce0036b82f4b31c22ff212eac9a5ed4cf31
SHA256

aed8b57b66ecdac1d6874dd0266e392574f67c670330fcb44a52c4a3242a503c
SHA512

20313673fcde3a7a7e06213327cdfd46f2cde5fe5f7009311bb833ea94727e697b5e94964a52bb6e344f1ca6cbbcd6d4cb2c0ff74452eebb5eb72c0c23e03d4f
SSDEEP

24576:jJbcwxaeHfmFcyRQ3o60OegX7AoaM8x/xF+nHxj:dbcGJ+o0Ervgyn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GuavaClient.exe

Files

GuavaClient.exe
.exe windows:6 windows x64 arch:x64

a07b7eda43e12d35949a417fd73575fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\source\external\x64\Release\external.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

user32

MessageBoxA
DispatchMessageA
GetWindowRect
GetWindowThreadProcessId
SetWindowPos
CreateWindowExW
UnregisterClassW
GetClassNameA
RegisterClassExW
ShowWindow
SetWindowDisplayAffinity
DefWindowProcA
SetLayeredWindowAttributes
TranslateMessage
PeekMessageA
GetWindowLongPtrA
PostQuitMessage
SetWindowLongPtrA
FindWindowA
UpdateWindow
GetAsyncKeyState
mouse_event
GetKeyState
GetMessageExtraInfo
LoadCursorA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ScreenToClient
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetCapture
GetClientRect
ClientToScreen
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
GetKeyboardLayout
DestroyWindow

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
ReadProcessMemory
WriteProcessMemory
SetConsoleTitleA
GetVolumeInformationA
Sleep
GetSystemInfo
AllocConsole
GetComputerNameA
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
Process32Next
CloseHandle
SetUnhandledExceptionFilter

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

d3dx9_43

D3DXMatrixTranspose
D3DXVec3Transform

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
memcmp
__std_terminate
memchr
__std_exception_copy
strstr
_CxxThrowException
memset
__current_exception_context
__current_exception
__C_specific_handler
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

ftell
__p__commode
freopen_s
__acrt_iob_func
fflush
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-string-l1-1-0

strcpy_s
strcmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

system
_register_thread_local_exe_atexit_callback
_c_exit
exit
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_get_narrow_winmain_command_line

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-math-l1-1-0

cosf
sinf
ceilf
fmodf
roundf
__setusermatherr
acosf
sqrtf
pow
asinf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a07b7eda43e12d35949a417fd73575fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

user32

kernel32

imm32

d3dcompiler_43

dwmapi

msvcp140

wininet

d3dx9_43

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 446KB - Virtual size: 446KB

.data Size: 127KB - Virtual size: 129KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 1000B

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 446KB - Virtual size: 446KB

.data
Size: 127KB - Virtual size: 129KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 1000B